Description
z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, and higher-level operations when the anti-aliasing mode is set to `.default` (such as `Context.fill`, `Context.stroke`, `painter.fill`, and `painter.stroke`), the source surface can be completely out-of-bounds on the x-axis, but not on the y-axis, by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version `0.6.1`. Users on an untagged version after `v0.5.1` and before `v0.6.1` are advised to update to address the vulnerability. Those still on Zig `0.13.0` are recommended to downgrade to `v0.5.1`.
Problem types
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow
CWE-190: Integer Overflow or Wraparound
Product status
References
github.com/...er/z2d/security/advisories/GHSA-mm4c-p35v-7hx3
github.com/vancluever/z2d/issues/104
github.com/vancluever/z2d/issues/105