CVE-2025-15534
Published: 18 January 2026
Summary
CVE-2025-15534 is a medium-severity Integer Overflow or Wraparound (CWE-190) vulnerability in raysan5 raylib. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 1.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An integer overflow in the font loading function enables local memory corruption, leading to limited code execution or privilege escalation in applications that use the library.
NVD Description
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The identifier of the patch is 5a3391fdce046bc5473e52afbd835dd2dc127146. It is suggested to install a patch to address this issue.
Deeper analysis
CVE-2025-15534 is an integer overflow vulnerability (CWE-189, CWE-190) in the LoadFontData function of the src/rtext.c file in the raylib library by raysan5, affecting versions up to commit 909f040. The issue was published on 2026-01-18 and carries a CVSS v3.1 base score of 5.3.
Exploitation requires a local attacker with low privileges (AV:L/AC:L/PR:L/UI:N/S:U), enabling limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L). A public exploit is available, which could be leveraged in a local environment.
The recommended mitigation is to apply the patch at commit 5a3391fdce046bc5473e52afbd835dd2dc127146. Additional details are documented in raylib repository issue #5436 and pull request #5450.
Details
- CWE(s)