CVE-2025-15533

5.3 MEDIUM

📋 TL;DR

A heap-based buffer overflow vulnerability exists in raylib's GenImageFontAtlas function. This allows local attackers to execute arbitrary code or cause denial of service by manipulating font atlas generation. Users of raylib applications are affected if they process untrusted font data.

💻 Affected Systems

Products:
  • raysan5 raylib
Versions: All versions up to commit 909f040
Operating Systems: All platforms where raylib runs (Windows, Linux, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using the GenImageFontAtlas function with untrusted font data.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise via arbitrary code execution.

🟠

Likely Case

Application crash (denial of service) or limited code execution within the application's context.

🟢

If Mitigated

Application crash with no privilege escalation if sandboxed or running with minimal permissions.

🌐 Internet-Facing: LOW - Attack requires local access to execute.
🏢 Internal Only: MEDIUM - Local users could exploit this to escalate privileges or disrupt services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and manipulation of font data. Public proof-of-concept exists in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 5a3391fdce046bc5473e52afbd835dd2dc127146

Vendor Advisory: https://github.com/raysan5/raylib/issues/5433

Restart Required: Yes

Instructions:

1. Update raylib to a version that includes commit 5a3391fdce046bc5473e52afbd835dd2dc127146.
2. Recompile applications against the patched library.
3. Restart affected applications.

🔧 Temporary Workarounds

Disable font atlas generation (applies to: all)

Avoid using the GenImageFontAtlas function with untrusted input.

Sandbox application (applies to: all)

Run raylib applications with minimal privileges to limit exploit impact.

🧯 If You Can't Patch

  • Restrict local access to systems running vulnerable raylib applications
  • Implement strict input validation for font data before passing to GenImageFontAtlas

🔍 How to Verify

Check if Vulnerable:

Check raylib version/git commit hash. If before commit 5a3391fdce046bc5473e52afbd835dd2dc127146, it's vulnerable.

Check Version:

For source builds, run git log --oneline | head -20 and look for the fix commit in the history; for prebuilt libraries, check the library version instead.

Verify Fix Applied:

Verify raylib includes commit 5a3391fdce046bc5473e52afbd835dd2dc127146 in its history.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unexpected memory access errors in raylib applications

Network Indicators:

  • None - local exploitation only

SIEM Query:

Process:raylib AND (EventID:1000 OR ExceptionCode:c0000005)
