Nixpkgs security tracker

Published

Permalink CVE-2025-15533

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 2 months, 2 weeks ago by @mweinelt Activity log

Created automatic suggestion 2 months, 3 weeks ago
@mweinelt removed package raylib-games 2 months, 2 weeks ago
@mweinelt removed package ocamlPackages.raylib 2 months, 2 weeks ago
@mweinelt removed package haskellPackages.h-raylib 2 months, 2 weeks ago
@mweinelt removed package python312Packages.raylib-python-cffi 2 months, 2 weeks ago
@mweinelt removed package python313Packages.raylib-python-cffi 2 months, 2 weeks ago
@mweinelt removed maintainer @Sigmanificient 2 months, 2 weeks ago
@mweinelt added maintainer @ehmry 2 months, 2 weeks ago
@mweinelt removed maintainer @ehmry 2 months, 2 weeks ago
@mweinelt accepted 2 months, 2 weeks ago
@mweinelt published on GitHub 2 months, 2 weeks ago

raysan5 raylib rtext.c GenImageFontAtlas heap-based overflow

A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue.

References

VDB-341705 | raysan5 raylib rtext.c GenImageFontAtlas heap-based overflow vdb-entrytechnical-description
VDB-341705 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #733341 | raysan5 raylib 909f040 Heap-based Buffer Overflow third-party-advisory
Submit #733342 | raysan5 raylib 909f040 Heap-based Buffer Overflow (Duplicate) third-party-advisory
https://github.com/raysan5/raylib/issues/5433 issue-tracking
https://github.com/raysan5/raylib/pull/5450 issue-tracking
https://github.com/oneafter/1224/blob/main/hbf2 exploit
https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc1271… patch
VDB-341705 | raysan5 raylib rtext.c GenImageFontAtlas heap-based overflow vdb-entrytechnical-description
VDB-341705 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #733341 | raysan5 raylib 909f040 Heap-based Buffer Overflow third-party-advisory
Submit #733342 | raysan5 raylib 909f040 Heap-based Buffer Overflow (Duplicate) third-party-advisory
https://github.com/raysan5/raylib/issues/5433 issue-tracking
https://github.com/raysan5/raylib/pull/5450 issue-tracking
https://github.com/oneafter/1224/blob/main/hbf2 exploit
https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc1271… patch

Affected products

raylib

==909f040

Matching in nixpkgs

pkgs.raylib

Simple and easy-to-use library to enjoy videogames programming

nixos-unstable 5.5
- nixpkgs-unstable 5.5
- nixos-unstable-small 5.5

Package maintainers

@diniamo diniamo <diniamo53@gmail.com>

Untriaged

Permalink CVE-2025-15534

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months, 3 weeks ago

raysan5 raylib rtext.c LoadFontData integer overflow

A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The identifier of the patch is 5a3391fdce046bc5473e52afbd835dd2dc127146. It is suggested to install a patch to address this issue.