CVE-2025-46333

Sažetak

z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, the source surface can be completely out-of-bounds on the x-axis (but not on the y-axis) by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version 0.6.1.

Reference

https://github.com/vancluever/z2d/issues/104
https://github.com/vancluever/z2d/issues/105
https://github.com/vancluever/z2d/security/advisories/GHSA-mm4c-p35v-7hx3

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

25-04-2025 - 21:15

Objavljeno

25-04-2025 - 21:15