CVE-2025-15534
Integer Overflow in raysan5 raylib LoadFontData Function
Publication date: 2026-01-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| raylib | raylib | to 2026-01-01 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
| CWE-189 |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15534 is an integer overflow vulnerability in the raysan5 raylib library, specifically in the LoadFontData function in src/rtext.c. When a corrupted or malicious font file is processed, it causes the font parser to read a negative value that is used as a count parameter in a memory allocation call (calloc). This leads to an integer overflow during the multiplication of count and size, resulting in an invalid memory allocation size. In builds with AddressSanitizer, this triggers an immediate abort, while in release builds without it, the invalid allocation can cause a segmentation fault later when the program dereferences invalid memory. The vulnerability can be exploited locally to cause a denial of service by crashing applications using Raylib's font loading functionality. [2, 3, 4]
How can this vulnerability impact me? :
This vulnerability can cause a denial of service (DoS) by crashing applications that use Raylib's font loading functionality. An attacker with local access can exploit the integer overflow by providing a specially crafted font file, leading to invalid memory allocation and subsequent segmentation faults. This disrupts the availability of the affected application or system. [2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by compiling the Raylib font test harness with AddressSanitizer enabled using the flags '-fsanitize=address -g' and then running it with a crafted malicious font file that triggers the integer overflow in LoadFontData. AddressSanitizer will report a calloc parameters overflow error at src/rtext.c:747. Alternatively, running the test harness without AddressSanitizer under a debugger like GDB with the crafted input will result in a segmentation fault inside GenImageFontAtlas. Suggested commands include: 1) Compile with ASAN: clang -fsanitize=address -g -o font_test_harness font_test_harness.c -lraylib 2) Run with crafted input: ./font_test_harness malicious_font_file 3) Or run under GDB without ASAN: gdb --args ./font_test_harness malicious_font_file [2, 4]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the patch identified by commit 5a3391fdce046bc5473e52afbd835dd2dc127146 provided by the Raylib maintainers. Installing this patch addresses the integer overflow issue in the LoadFontData function. Until the patch is applied, avoid loading untrusted or malicious font files locally, as the exploit requires local access. Additionally, compiling with AddressSanitizer can help detect attempts to exploit this vulnerability during testing. [2, 3, 4]