Out-of-Bounds Access Vulnerability in z2d Zig 2D Graphics Library by Vancluever
CVE-2025-55286

7.3 HIGH

Key Information:

Vendor: Vancluever

Status
Vendor
CVE Published: 16 August 2025

What is CVE-2025-55286?

The z2d Zig 2D graphics library contains an out-of-bounds access vulnerability introduced in version 0.7.0 due to a new multi-sample anti-aliasing method. When drawing paths that partially or fully extend beyond the rendering surface, incorrect bounding may allow access outside the intended memory bounds within the coverage buffer. This impacts key drawing operations like Context.fill and Context.stroke under specific anti-aliasing modes, leading to potential invalid memory accesses or corruption under non-safe optimization settings. Upgrading to z2d version 0.7.1 is strongly advised as it addresses this vulnerability.

Affected Version(s)

z2d = 0.7.0

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published