Out-of-Bounds Access Vulnerability in z2d Zig 2D Graphics Library by Vancluever
CVE-2025-55286
Currently unrated
What is CVE-2025-55286?
The z2d Zig 2D graphics library contains an out-of-bounds access vulnerability introduced in version 0.7.0 due to a new multi-sample anti-aliasing method. When drawing paths that partially or fully extend beyond the rendering surface, incorrect bounding may allow access outside the intended memory bounds within the coverage buffer. This impacts key drawing operations like Context.fill and Context.stroke under specific anti-aliasing modes, leading to potential invalid memory accesses or corruption under non-safe optimization settings. Upgrading to z2d version 0.7.1 is strongly advised as it addresses this vulnerability.
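A simplified model of the failure mode described above, added here as an illustration and not taken from z2d's source: one scanline of a coverage buffer holding SCALE sub-samples per pixel, written first without and then with clipping of the span to the buffer. It is written in C rather than Zig, and SCALE, SURFACE_W and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCALE 4      /* assumed sub-samples per pixel */
#define SURFACE_W 8  /* assumed surface width in pixels */

/* Unchecked form, for comparison only (never called here): the span comes
 * straight from the path extents, so an off-surface path indexes outside
 * cov[] once runtime bounds checks are compiled out. */
void add_span_unchecked(uint8_t *cov, int32_t x0, int32_t x1)
{
    for (int32_t x = x0; x < x1; x++)
        cov[x] = 1;
}

/* Clipped form: clamp [x0, x1) to [0, len) before touching the buffer.
 * Returns the number of sub-samples written; len must fit in int32_t. */
size_t add_span_clipped(uint8_t *cov, size_t len, int32_t x0, int32_t x1)
{
    int32_t lo = x0 < 0 ? 0 : x0;
    int32_t hi = x1 > (int32_t)len ? (int32_t)len : x1;
    if (lo >= hi)
        return 0; /* path lies entirely off the surface */
    memset(cov + lo, 1, (size_t)(hi - lo));
    return (size_t)(hi - lo);
}

/* Covered sub-samples in pixel px (0..SCALE). */
unsigned pixel_coverage(const uint8_t *cov, size_t px)
{
    unsigned n = 0;
    for (size_t i = 0; i < SCALE; i++)
        n += cov[px * SCALE + i];
    return n;
}

int main(void)
{
    uint8_t cov[SURFACE_W * SCALE] = {0};
    /* Constructed input: a span that starts left of the surface. */
    size_t n = add_span_clipped(cov, sizeof cov, -10, 6);
    printf("wrote %zu samples, pixel 0 = %u/%d, pixel 1 = %u/%d\n",
           n, pixel_coverage(cov, 0), SCALE, pixel_coverage(cov, 1), SCALE);
    return 0;
}
```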