{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15533", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-17T16:11:40.667Z", "datePublished": "2026-01-18T05:02:08.672Z", "dateUpdated": "2026-01-18T05:02:08.672Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-01-18T05:02:08.672Z"}, "title": "raysan5 raylib rtext.c GenImageFontAtlas heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "raysan5", "product": "raylib", "versions": [{"version": "909f040", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-01-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-17T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-17T17:16:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.341705", "name": "VDB-341705 | raysan5 raylib rtext.c GenImageFontAtlas heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.341705", "name": "VDB-341705 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.733341", "name": "Submit #733341 | raysan5 raylib 909f040 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.733342", "name": "Submit #733342 | raysan5 raylib 909f040 Heap-based Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/raysan5/raylib/issues/5433", "tags": ["issue-tracking"]}, {"url": "https://github.com/raysan5/raylib/pull/5450", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/1224/blob/main/hbf2", "tags": ["exploit"]}, {"url": "https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146", "tags": ["patch"]}], "tags": ["x_open-source"]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue."}], "id": "CVE-2025-15533", "lastModified": "2026-01-18T05:16:16.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-18T05:16:16.360", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/oneafter/1224/blob/main/hbf2"}, {"source": "cna@vuldb.com", "url": "https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146"}, {"source": "cna@vuldb.com", "url": "https://github.com/raysan5/raylib/issues/5433"}, {"source": "cna@vuldb.com", "url": "https://github.com/raysan5/raylib/pull/5450"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.341705"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.341705"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.733341"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.733342"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "raylib: raylib: Heap-based buffer overflow via GenImageFontAtlas function manipulation", "id": "2430661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430661"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-122)", "details": ["A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue.", "A flaw was found in raylib. A local user could exploit a heap-based buffer overflow vulnerability by manipulating data within the GenImageFontAtlas function. This could lead to information disclosure, data corruption, or denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2025-15533", "public_date": "2026-01-18T05:02:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-15533\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15533\nhttps://github.com/oneafter/1224/blob/main/hbf2\nhttps://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146\nhttps://github.com/raysan5/raylib/issues/5433\nhttps://github.com/raysan5/raylib/pull/5450\nhttps://vuldb.com/?ctiid.341705\nhttps://vuldb.com/?id.341705\nhttps://vuldb.com/?submit.733341\nhttps://vuldb.com/?submit.733342"], "statement": "This vulnerability is rated Moderate for Red Hat. A heap-based buffer overflow in the `GenImageFontAtlas` function of `raylib` can be exploited locally. This affects Red Hat Community Projects, specifically `raylib` in Fedora 42 and 43, where a local attacker could potentially cause a denial of service or achieve limited impact on confidentiality and integrity.", "threat_severity": "Moderate"}

{"created": "2026-01-19T09:18:55.453941+00:00", "updated": "2026-01-19T09:18:55.453968+00:00", "vendors": ["raylib", "raylib$PRODUCT$raylib"]}