
Description

A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The affected element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Manipulation of this function leads to a stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product uses a rolling release system for continuous delivery, so version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply the patch to resolve this issue.

PUBLISHED Reserved 2025-12-21 | Published 2025-12-22 | Updated 2025-12-22 | Assigner VulDB




MEDIUM: 4.8 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
MEDIUM: 5.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4.3 | AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

Stack-based Buffer Overflow

Memory Corruption

Product status

5d11344150973f15e16d3ec4ee7550a73fb995e0: affected

Timeline

2025-12-21: Advisory disclosed
2025-12-21: VulDB entry created
2025-12-21: VulDB entry last update

Credits

Oneafter (VulDB User) reporter

References

vuldb.com/?id.337719 (VDB-337719 | floooh sokol sokol_gfx.h _sg_validate_pipeline_desc stack-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.337719 (VDB-337719 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.719820 (Submit #719820 | floooh sokol e0832c9 Stack-based Buffer Overflow) third-party-advisory

github.com/floooh/sokol/issues/1404 issue-tracking

github.com/seyhajin/sokol/pull/246 issue-tracking

github.com/oneafter/1212/blob/main/stack1 exploit

github.com/...ommit/b95c5245ba357967220c9a860c7578a7487937b0 patch

cve.org (CVE-2025-15013)

nvd.nist.gov (CVE-2025-15013)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.