CVE-2025-15534
Unknown Unknown - Not Provided
Integer Overflow in raysan5 raylib LoadFontData Function

Publication date: 2026-01-18

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The identifier of the patch is 5a3391fdce046bc5473e52afbd835dd2dc127146. It is suggested to install a patch to address this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-18
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-18
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15534
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
raylib raylib to 2026-01-01 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-189
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15534 is an integer overflow vulnerability in the raysan5 raylib library, specifically in the LoadFontData function in src/rtext.c. When a corrupted or malicious font file is processed, it causes the font parser to read a negative value that is used as a count parameter in a memory allocation call (calloc). This leads to an integer overflow during the multiplication of count and size, resulting in an invalid memory allocation size. In builds with AddressSanitizer, this triggers an immediate abort, while in release builds without it, the invalid allocation can cause a segmentation fault later when the program dereferences invalid memory. The vulnerability can be exploited locally to cause a denial of service by crashing applications using Raylib's font loading functionality. [2, 3, 4]

Impact Analysis

This vulnerability can cause a denial of service (DoS) by crashing applications that use Raylib's font loading functionality. An attacker with local access can exploit the integer overflow by providing a specially crafted font file, leading to invalid memory allocation and subsequent segmentation faults. This disrupts the availability of the affected application or system. [2, 4]

Detection Guidance

This vulnerability can be detected by compiling the Raylib font test harness with AddressSanitizer enabled using the flags '-fsanitize=address -g' and then running it with a crafted malicious font file that triggers the integer overflow in LoadFontData. AddressSanitizer will report a calloc parameters overflow error at src/rtext.c:747. Alternatively, running the test harness without AddressSanitizer under a debugger like GDB with the crafted input will result in a segmentation fault inside GenImageFontAtlas. Suggested commands include: 1) Compile with ASAN: clang -fsanitize=address -g -o font_test_harness font_test_harness.c -lraylib 2) Run with crafted input: ./font_test_harness malicious_font_file 3) Or run under GDB without ASAN: gdb --args ./font_test_harness malicious_font_file [2, 4]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to apply the patch identified by commit 5a3391fdce046bc5473e52afbd835dd2dc127146 provided by the Raylib maintainers. Installing this patch addresses the integer overflow issue in the LoadFontData function. Until the patch is applied, avoid loading untrusted or malicious font files locally, as the exploit requires local access. Additionally, compiling with AddressSanitizer can help detect attempts to exploit this vulnerability during testing. [2, 3, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15534. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart