CVE-2025-15155 – A stack-based buffer overflow vulnerability exi... (How to Fix)

Q: What is the severity of CVE-2025-15155?

CVE-2025-15155 has a CVSS score of 5.3 (MEDIUM). A stack-based buffer overflow vulnerability exists in the _sg_pipeline_desc_defaults function of floooh sokol's sokol_gfx.h library. This allows local attackers to potentially execute arbitrary code or crash applications using this library. Any software incorporating vulnerable versions of the sokol library is affected.

📋 TL;DR

A stack-based buffer overflow vulnerability exists in the _sg_pipeline_desc_defaults function of floooh sokol's sokol_gfx.h library. This allows local attackers to potentially execute arbitrary code or crash applications using this library. Any software incorporating vulnerable versions of the sokol library is affected.

💻 Affected Systems

Products:

floooh sokol graphics library

Versions: All versions up to commit 16cbcc864012898793cd2bc57f802499a264ea40

Operating Systems: All platforms where sokol is used (Windows, Linux, macOS, etc.)

Default Config Vulnerable: ⚠️ Yes

Notes: This library doesn't use traditional versioning - affected by commit hash. Any application linking against vulnerable sokol_gfx.h is vulnerable.

📦 What is this software?

Sokol by Floooh

View all CVEs affecting Sokol →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise or remote code execution if combined with other vulnerabilities.

🟠

Likely Case

Application crash (denial of service) or limited local code execution within the application's context.

🟢

If Mitigated

Minimal impact if proper memory protections (ASLR, stack canaries) are enabled and the application runs with limited privileges.

🌐 Internet-Facing: LOW - The vulnerability requires local access for exploitation.

🏢 Internal Only: MEDIUM - Local attackers on shared systems could exploit this, but requires specific conditions and targeting.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit requires local access and specific manipulation of pipeline descriptor functions. Public exploit references exist in GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 5d11344150973f15e16d3ec4ee7550a73fb995e0

Vendor Advisory: https://github.com/floooh/sokol/commit/5d11344150973f15e16d3ec4ee7550a73fb995e0

Restart Required: Yes

Instructions:

1. Update sokol library to commit 5d11344150973f15e16d3ec4ee7550a73fb995e0 or later. 2. Rebuild any applications using sokol_gfx.h. 3. Redeploy patched applications.

🔧 Temporary Workarounds

Disable vulnerable functionality

all

Avoid using or restrict access to pipeline creation functions if possible in your application

🧯 If You Can't Patch

Run applications with minimal privileges (non-admin/non-root accounts)
Enable memory protection mechanisms (ASLR, stack canaries, DEP) at OS and compiler level

🔍 How to Verify

Check if Vulnerable:

Check if your sokol_gfx.h file contains commit hash earlier than 5d11344150973f15e16d3ec4ee7550a73fb995e0

Check Version:

grep -i 'commit\|version' sokol_gfx.h | head -5

Verify Fix Applied:

Verify sokol_gfx.h includes commit 5d11344150973f15e16d3ec4ee7550a73fb995e0 or later in the file header

📡 Detection & Monitoring

Log Indicators:

Application crashes with segmentation faults or access violations when using graphics pipeline functions
Unexpected process termination in applications using sokol

Network Indicators:

None - this is a local vulnerability

SIEM Query:

Process:Terminated AND (ProcessName:your_application.exe OR ModulePath:*sokol*) AND ExitCode:0xC0000005

📊 Metadata

CVE ID: CVE-2025-15155

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-119

EPSS Score: 0.02% exploit probability (5.5th percentile)

Published: December 28, 2025

Last Updated: January 6, 2026

🔗 References

https://github.com/floooh/sokol/commit/5d11344150973f15e16d3ec4ee7550a73fb995e0 Patch
https://github.com/floooh/sokol/issues/1405 Exploit,Issue Tracking
https://github.com/floooh/sokol/issues/1406#issuecomment-3649548096 Exploit,Issue Tracking
https://github.com/oneafter/1212/blob/main/hbf1 Not Applicable
https://vuldb.com/?ctiid.338533 Permissions Required,VDB Entry
https://vuldb.com/?id.338533 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.719823 Exploit,Third Party Advisory,VDB Entry
https://vuldb.com/?submit.719823 Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15155, you might also want to check these: