Heap-Based Buffer Overflow Vulnerability in floooh Sokol Library
CVE-2025-14958
What is CVE-2025-14958?
A significant security flaw has been identified in the floooh Sokol library, in the _sg_pipeline_common_init function in sokol_gfx.h. The vulnerability is a heap-based buffer overflow that could be exploited by an attacker with local access to the system; exploitation requires local execution. A patch has been released for version identification 33e2271c431bf21de001e972f72da17a984da932, and users are strongly advised to apply this update to secure their systems against possible exploitation.

Affected Version(s)
sokol 33e2271c431bf21de001e972f72da17a984da932
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
