Medium severity5.3NVD Advisory· Published Jan 18, 2026· Updated Apr 29, 2026

CVE-2025-15534

Description

A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The identifier of the patch is 5a3391fdce046bc5473e52afbd835dd2dc127146. It is suggested to install a patch to address this issue.

Affected products

Raylib/Raylib
cpe:2.3:a:raylib:raylib:*:*:*:*:*:*:*:*
Range: <2026-01-01

Patches

5a3391fdce04

https://github.com/raysan5/raylibvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146nvdPatch
github.com/oneafter/1224/blob/main/segv1nvdExploit
github.com/raysan5/raylib/issues/5436nvdExploitIssue TrackingVendor Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
github.com/raysan5/raylib/pull/5450nvdIssue Tracking
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000