Detections
Analytics

openSUSE 16 Security Update : raylib (openSUSE-SU-2026:20717-1)

medium Nessus Plugin ID 315036

Language:

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20717-1 advisory.

 Changes in raylib:

 - security update:
 * CVE-2025-15533: Fix heap-based buffer overflow via GenImageFontAtlas function manipulation (bsc#1256900)
 * CVE-2025-15534: Fix integer overflow vulnerability in LoadFontData (bsc#1256901)

 - Update to 5.5:
 * NEW raylib pre-configured Windows package: The new raylib portable and self-contained Windows package for raylib 5.5, intended for nobel devs that start in programming world, comes with one big addition: support for C code building for Web platform with one-single-mouse-click! For the last 10 years, the pre-configured raylib Windows package allowed to edit simple C projects on Notepad++ and easely compile Windows executables with an automatic script; this new release adds the possibility to compile the same C projects for Web platform with a simple mouse click. This new addition greatly simplifies C to WebAssembly project building for new users. The raylib Windows Installer package can be downloaded for free from raylib on itch.io.
 * NEW raylib project creator tool: A brand new tool developed to help raylib users to setup new projects in a professional way. raylib project creator generates a complete project structure with multiple build systems ready-to-use and GitHub CI/CD actions pre-configured. It only requires providing some C files and basic project parameters! The tools is free and open-source, and it can be used online!.
 * NEW Platform backend supported: RGFW: Thanks to the rcore platform-split implemented in raylib 5.0, adding new platforms backends has been greatly simplified, new backends can be added using provided template, self-contained in a single C module, completely portable. A new platform backend has been added: RGFW. RGFW is a new single-file header-only portable library (RGFW.h) intended for platform-functionality management (windowing and inputs); in this case for desktop platforms (Windows, Linux, macOS) but also for Web platform. It adds a new alternative to the already existing GLFW and SDL platform backends.
 * NEW Platform backend version supported: SDL3: Previous raylib 5.0 added support for SDL2 library, and raylib 5.5 not only improves SDL2 functionality, with several issues reviewed, but also adds support for the recently released big SDL update in years: SDL3. Now users can select at compile time the desired SDL version to use, increasing the number of potential platforms supported in the future!
 * NEW Retro-console platforms supported: Dreamcast, N64, PSP, PSVita, PS4:
 Thanks to the platform-split on raylib 5.0, supporting new platform backends is easier than ever! Along the raylib rlgl module support for the OpenGL 1.1 graphics API, it opened the door to multiple homebrew retro-consoles backend implementations! It's amazing to see raylib running on +20 year old consoles like Dreamcast, PSP or PSVita, considering the hardware constraints of those platforms and proves raylib outstanding versability! Those additional platforms can be found in separate repositories and have been created by the amazing programmer Antonio Jose Ramos Marquez (@psxdev).
 * NEW GPU Skinning support: After lots of requests for this feature, it has been finally added to raylib thanks to the contributor Daniel Holden (@orangeduck), probably the developer that has further pushed models animations with raylib, developing two amazing tools to visualize and test animations: GenoView and BVHView. Adding GPU skinning was a tricky feature, considering it had to be available for all raylib supported platforms, including limited ones like Raspberry Pi with OpenGL ES 2.0, where some advance OpenGL features are not available (UBO, SSBO, Transform Feedback) but a multi-platform solution was found to make it possible. A new example, models_gpu_skinning has been added to illustrate this new functionality. As an extra, previous existing CPU animation system has been greatly improved, multiplying performance by a factor (simplifiying required maths).
 * NEW raymath C++ operators: After several requested for this feature, C++ math operators for Vector2, Vector3, Vector4, Quaternion and Matrix has been added to raymath as an extension to current implementation. Despite being only available for C++ because C does not support it, these operators simplify C++ code when doing math operations.
 * Normals support on batching system
 * Clipboard images reading support
 * CRC32/MD5/SHA1 hash computation
 * Gamepad vibration support
 * Improved font loading (no GPU required) with BDF fonts support
 * Time-based camera movement
 * Improved GLTF animations loading

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected libraylib550 and / or raylib-devel packages.

See Also

https://bugzilla.suse.com/1256900

https://bugzilla.suse.com/1256901

https://www.suse.com/security/cve/CVE-2025-15533

https://www.suse.com/security/cve/CVE-2025-15534

Plugin Details

Severity: Medium

ID: 315036

File Name: openSUSE-2026-20717-1.nasl

Version: 1.2

Type: Local

Agent: unix

Published: 5/16/2026

Updated: 5/18/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-15534

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 4.8

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:raylib-devel, p-cpe:/a:novell:opensuse:libraylib550

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/12/2026

Vulnerability Publication Date: 1/18/2026

Reference Information

CVE: CVE-2025-15533, CVE-2025-15534