Nixpkgs security tracker

Permalink CVE-2025-15533

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 4 months ago by @mweinelt Activity log

Created suggestion 4 months ago
@mweinelt ignored
5 packages
- raylib-games
- ocamlPackages.raylib
- haskellPackages.h-raylib
- python312Packages.raylib-python-cffi
- python313Packages.raylib-python-cffi
4 months ago
@mweinelt deleted maintainer @Sigmanificient 4 months ago maintainer.delete
@mweinelt added maintainer @ehmry 4 months ago maintainer.add
@mweinelt deleted maintainer @ehmry 4 months ago maintainer.delete
@mweinelt accepted 4 months ago
@mweinelt published on GitHub 4 months ago

raysan5 raylib rtext.c GenImageFontAtlas heap-based overflow

A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue.