Key Vulnerability Information

Title: raysan5 raylib 909f040 Integer Overflow Vulnerability

Type: Integer Overflow / Argument Injection to calloc
- Root Cause Location

Affected Version: master branch

Environment:
- OS: Linux x86_64
- Compiler: Clang
- Build Config: Release
- AddressSanitizer enabled (-fsanitize=address -g)

Description:
- Vulnerability: Denial of Service (DoS) vulnerability in raylib, caused by an integer overflow in LoadFontData.
- Trigger: An invalid call to with a negative value in the invalid allocation propagates downstream, leading to a Segmentation Fault.
- Fix: The vendor confirmed and fixed the vulnerability in commit [5a3391f].

Reproduction Steps:
1. Compile the raylib font test with AddressSanitizer.
2. Run the fuzzer harness with the attached input.
3. Recompile raylib and the font test without AddressSanitizer and run the fuzzer harness.

ASAN Report:
- Identifies a call to with invalid parameters, resulting in a SIGSEGV.

SIGSEGV:
- Program received signal SIGSEGV, Segmentation fault.
- Detailed debugging information provided.

Source: GitHub

User: Oneafter (UID 92781)
Submission: 01/07/2026 07:20 AM
Moderation: 01/17/2026 05:12 PM
Status: Accepted
VulDB Entry: 341706 [raysan5 raylib up to 909f040 src/rtext.c LoadFontData integer overflow]
Points: 20