Memory Access Issue in z2d Graphics Library by Vancluever
CVE-2025-46333

7.3 HIGH

Key Information:

Vendor: Vancluever

Status
Vendor
CVE Published: 25 April 2025

What is CVE-2025-46333?

z2d, a pure Zig 2D graphics library, is vulnerable in version 0.6.0 to an out-of-bounds write when the z2d.compositor.StrideCompositor.run method is used. The issue arises from a negative offset on the x-axis, which results in an overflow that alters the stride length parameters. In non-safe optimization modes, such as builds compiled with ReleaseFast or ReleaseSmall, this could lead to invalid memory accesses or data corruption. Users are advised to upgrade to version 0.6.1 to mitigate this risk.

Affected Version(s)

z2d > 0.5.1, <= 0.6.0

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published