CVE-2025-14958

Sažetak

A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The patch is named 33e2271c431bf21de001e972f72da17a984da932. It is suggested to install a patch to address this issue.

Reference

https://github.com/floooh/sokol/issues/1406
https://github.com/floooh/sokol/issues/1406#issuecomment-3649515551
https://github.com/oneafter/1212/blob/main/hbf1
https://github.com/seyhajin/sokol/commit/33e2271c431bf21de001e972f72da17a984da932
https://vuldb.com/?ctiid.337594
https://vuldb.com/?id.337594
https://vuldb.com/?submit.717320
https://github.com/floooh/sokol/issues/1406#issuecomment-3649515551

CVSS

Base:	4.3
Impact:	6.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

23-12-2025 - 14:52

Objavljeno

19-12-2025 - 18:15