216.73.217.173

CVE-2025-46333

· Published 25/04/2025 21:15 · Modified 25/04/2025 21:15

Labels: CVE-2025-46333 2025-04-25CVE-2025-46333CWE-119[email protected]

Essential information

Published
25/04/2025 21:15
Modified
25/04/2025 21:15
Author
Creator
CVSS
7.3 HIGH (v3) 7.3 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, the source surface can be completely out-of-bounds on the x-axis (but not on the y-axis) by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version 0.6.1.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
z2d / z2d cpe:2.3:a:z2d:z2d:0.6.0:*:*:*:*:*:*:*
z2d / z2d cpe:2.3:a:z2d:z2d:0.6.1:*:*:*:*:*:*:*

References