Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2025-15534

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

created 4 months ago Activity log

Created suggestion 4 months ago

raysan5 raylib rtext.c LoadFontData integer overflow

A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The identifier of the patch is 5a3391fdce046bc5473e52afbd835dd2dc127146. It is suggested to install a patch to address this issue.

References

VDB-341706 | raysan5 raylib rtext.c LoadFontData integer overflow vdb-entrytechnical-description
VDB-341706 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #733343 | raysan5 raylib 909f040 Integer Overflow third-party-advisory
https://github.com/raysan5/raylib/issues/5436 issue-tracking
https://github.com/raysan5/raylib/pull/5450 issue-tracking
https://github.com/oneafter/1224/blob/main/segv1 exploit
https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc1271… patch

Affected products

raylib

==909f040

Matching in nixpkgs

pkgs.raylib

Simple and easy-to-use library to enjoy videogames programming

nixos-unstable 5.5
- nixpkgs-unstable 5.5
- nixos-unstable-small 5.5

pkgs.raylib-games

Collection of games made with raylib

nixos-unstable 2022-10-24
- nixpkgs-unstable 2022-10-24
- nixos-unstable-small 2022-10-24

pkgs.ocamlPackages.raylib

OCaml bindings for Raylib (5.0.0)

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0

pkgs.haskellPackages.h-raylib

Raylib bindings for Haskell

nixos-unstable 5.5.3.1
- nixpkgs-unstable 5.5.3.1
- nixos-unstable-small 5.5.3.1

pkgs.python312Packages.raylib-python-cffi

Python CFFI bindings for Raylib

nixos-unstable 5.5.0.3
- nixpkgs-unstable 5.5.0.3
- nixos-unstable-small 5.5.0.3

pkgs.python313Packages.raylib-python-cffi

Python CFFI bindings for Raylib

nixos-unstable 5.5.0.3
- nixpkgs-unstable 5.5.0.3
- nixos-unstable-small 5.5.0.3

Package maintainers

@Sigmanificient Yohann Boniface <sigmanificient@gmail.com>
@diniamo diniamo <diniamo53@gmail.com>
@ehmry Emery Hemingway <ehmry@posteo.net>
@r17x Rin <hi@rin.rocks>