Home

Description

A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue.

PUBLISHED Reserved 2025-12-27 | Published 2025-12-28 | Updated 2025-12-29 | Assigner VulDB




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
MEDIUM: 5.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4.3AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

Stack-based Buffer Overflow

Memory Corruption

Product status

16cbcc864012898793cd2bc57f802499a264ea40
affected

Timeline

2025-12-27:Advisory disclosed
2025-12-27:VulDB entry created
2025-12-27:VulDB entry last update

Credits

Oneafter (VulDB User) reporter

References

vuldb.com/?submit.719823 exploit

vuldb.com/?id.338533 (VDB-338533 | floooh sokol sokol_gfx.h _sg_pipeline_desc_defaults stack-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.338533 (VDB-338533 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.719823 (Submit #719823 | floooh sokol e0832c9 Stack-based Buffer Overflow) third-party-advisory

github.com/floooh/sokol/issues/1405 issue-tracking

github.com/floooh/sokol/issues/1406 issue-tracking

github.com/oneafter/1212/blob/main/hbf1 exploit

github.com/...ommit/5d11344150973f15e16d3ec4ee7550a73fb995e0 patch

cve.org (CVE-2025-15155)

nvd.nist.gov (CVE-2025-15155)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.