CVE-2025-15155
LOW EPSS 9.0%
Published Dec 28, 20256mo ago · Modified Jun 17, 20261w ago
1.9 CVSS 4.0
Published Dec 28, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
9.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 3
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
CWE-121
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| floooh | sokol | * | ≤2025-12-13 |
References 7
- github.com https://github.com/floooh/sokol/commit/5d11344150973f15e16d3ec4ee7550a73fb995e0
- github.com https://github.com/floooh/sokol/issues/1405
- github.com https://github.com/floooh/sokol/issues/1406#issuecomment-3649548096
- github.com https://github.com/oneafter/1212/blob/main/hbf1
- vuldb.com https://vuldb.com/?ctiid.338533
- vuldb.com https://vuldb.com/?id.338533
- vuldb.com https://vuldb.com/?submit.719823
Remediation
- github.com https://github.com/floooh/sokol/commit/5d11344150973f15e16d3ec4ee7550a73fb995e0