CVE-2025-55286
BaseFortify

Publication date: 2025-08-16

Last updated on: 2025-08-18

Assigner: GitHub, Inc.

Description
z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-sample anti-aliasing (SSAA) method. Under certain circumstances where the path being drawn existed in whole or partly outside of the rendering surface, incorrect bounding could cause out-of-bounds access within the coverage buffer. This affects the higher-level drawing operations, such as Context.fill, Context.stroke, painter.fill, and painter.stroke, when either the .default or .multisample_4x anti-aliasing modes were used. .supersample_4x was not affected, nor was drawing without anti-aliasing. In non-safe optimization modes (consumers compiling with ReleaseFast or ReleaseSmall), this could potentially lead to invalid memory accesses or corruption. z2d v0.7.1 fixes this issue, and it's recommended to upgrade to v0.7.1, or, given the small period of time v0.7.0 has been released, use v0.7.1 immediately, skipping v0.7.0.
Meta Information
Published: 2025-08-16
Last Modified: 2025-08-18
Generated: 2026-05-07
AI Q&A: 2025-08-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
vancluever | z2d | 0.7.0
vancluever | z2d | 0.7.1
CWE ID | Description
CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the z2d graphics library version 0.7.0, which introduced a new multi-sample anti-aliasing (MSAA) method using a new buffering mechanism for coverage data. When drawing paths that are partially or fully outside the rendering surface, incorrect bounding calculations can cause out-of-bounds access within the coverage buffer. This affects certain drawing operations when using .default or .multisample_4x anti-aliasing modes, potentially leading to invalid memory accesses or memory corruption in non-safe optimization modes.


How can this vulnerability impact me?

The vulnerability can lead to invalid memory accesses or memory corruption when using affected drawing operations with specific anti-aliasing modes in non-safe optimization builds. This could cause application crashes, unexpected behavior, or potentially exploitable conditions depending on how the library is used in your software.


What immediate steps should I take to mitigate this vulnerability?

Upgrade z2d to version 0.7.1 immediately, skipping version 0.7.0; v0.7.1 fixes the vulnerability. If upgrading is not immediately possible, consider disabling the .default and .multisample_4x anti-aliasing modes; per the description, .supersample_4x and drawing without anti-aliasing were not affected.

