raysan5 raylib
- <= 909f040
A heap-based buffer overflow vulnerability has been identified in the Raylib library, specifically in versions up to 909f040. The issue arises in the GenImageFontAtlas function within the src/rtext.c file. This vulnerability allows for writing data beyond the allocated buffer size, which can lead to memory corruption. The problem can be exploited locally, and a public exploit is available.
Exploitation of this vulnerability causes a heap-buffer overflow, where the application writes data outside the bounds of a heap-allocated buffer. This type of memory corruption can potentially be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the application.
The vulnerability can be reproduced by compiling the Raylib font test harness with AddressSanitizer enabled, which detects memory errors at run time. After compiling, the harness is run with a specific input that triggers the buffer overflow. AddressSanitizer then reports a heap-buffer-overflow error, confirming that the out-of-bounds write was triggered.
Users are advised to update to the version of Raylib that includes the patch for this vulnerability. The patched version is available in the official Raylib repository.
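The page does not describe the root cause or the patch, so the following is an added illustration of the bug class only, not raylib's code or its fix: a bounds-checked copy of a glyph bitmap into a heap-allocated atlas. The Atlas and Glyph types and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types for illustration; these are not raylib's structures. */
typedef struct { int width, height; unsigned char *pixels; } Atlas;
typedef struct { int x, y, width, height; const unsigned char *pixels; } Glyph;

/* Allocate a 1-byte-per-pixel atlas; reject non-positive or overflowing sizes. */
int atlas_init(Atlas *a, int width, int height)
{
    if (width <= 0 || height <= 0) return -1;
    if ((size_t)width > SIZE_MAX / (size_t)height) return -1;
    a->pixels = calloc((size_t)width * (size_t)height, 1);
    if (a->pixels == NULL) return -1;
    a->width = width;
    a->height = height;
    return 0;
}

/* Copy a glyph into the atlas only if its rectangle lies fully inside it.
   Returns 0 on success, -1 if the glyph is rejected. */
int atlas_blit(Atlas *a, const Glyph *g)
{
    if (g->pixels == NULL || g->width <= 0 || g->height <= 0) return -1;
    if (g->x < 0 || g->y < 0) return -1;
    /* Subtraction form cannot overflow the way x + width could. */
    if (g->width > a->width - g->x) return -1;
    if (g->height > a->height - g->y) return -1;
    for (int row = 0; row < g->height; row++) {
        memcpy(a->pixels + (size_t)(g->y + row) * a->width + g->x,
               g->pixels + (size_t)row * g->width, (size_t)g->width);
    }
    return 0;
}

int main(void)
{
    Atlas a;
    unsigned char px[16] = {0};                 /* constructed 4x4 glyph bitmap */
    Glyph inside = {4, 4, 4, 4, px}, outside = {5, 4, 4, 4, px};
    if (atlas_init(&a, 8, 8) != 0) return 1;
    int rc = (atlas_blit(&a, &inside) == 0 && atlas_blit(&a, &outside) == -1) ? 0 : 1;
    free(a.pixels);
    return rc;
}
```

Building this with -fsanitize=address and removing the two rectangle checks makes the second blit produce the same class of heap-buffer-overflow report the advisory mentions.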