PT-2025-33515 · Z2D · Z2D
Qwerasd205 · Published 2025-08-16 · Updated 2025-08-16 · CVE-2025-55286
CVSS v4.0: 7.3 High
Vector: AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
z2d version 0.7.0
Description:
z2d is a pure Zig 2D graphics library. A new multi-sample anti-aliasing (MSAA) method introduced in version 0.7.0 uses a new buffering mechanism for storing coverage data. Incorrect bounding under certain circumstances, where a drawn path exists outside the rendering surface, can cause out-of-bounds access within the coverage buffer. This affects higher-level drawing operations, including Context.fill, Context.stroke, painter.fill, and painter.stroke, when using the .default or .multisample 4x anti-aliasing modes. The .supersample 4x mode and drawing without anti-aliasing are not affected. In non-safe optimization modes (ReleaseFast or ReleaseSmall), this can potentially lead to invalid memory accesses or corruption.
Recommendations:
Upgrade to z2d version 0.7.1, or skip version 0.7.0 and use version 0.7.1 directly.
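The bug class described above, as an added example: a simplified C model of a per-scanline coverage buffer that clamps each span to the surface before indexing. This is not z2d's Zig code; the buffer layout, sizes and all names here are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SURFACE_W 8   /* constructed surface width in pixels */
#define SAMPLES   4   /* 4x MSAA: four horizontal sub-samples per pixel */

/* Hypothetical scanline coverage buffer: one sample counter per surface pixel. */
typedef struct { uint8_t cov[SURFACE_W]; } coverage_row;

/* Nonzero if the span [sx0, sx1), in sub-sample units, reaches outside the
 * buffer, i.e. if indexing cov[] without clamping would be out of bounds. */
int span_leaves_surface(int sx0, int sx1) {
    return sx0 < sx1 && (sx0 < 0 || sx1 > SURFACE_W * SAMPLES);
}

/* Accumulate coverage for [sx0, sx1) after clamping it to the surface.
 * Returns the number of sub-samples actually recorded. */
int add_span_clamped(coverage_row *row, int sx0, int sx1) {
    int lo = sx0 < 0 ? 0 : sx0;
    int hi = sx1 > SURFACE_W * SAMPLES ? SURFACE_W * SAMPLES : sx1;
    if (lo >= hi) return 0;               /* span lies entirely off-surface */
    for (int sx = lo; sx < hi; sx++)
        row->cov[sx / SAMPLES]++;         /* 0 <= sx / SAMPLES < SURFACE_W */
    return hi - lo;
}

/* Helper for inspection: coverage of pixel px after one span on an empty row. */
int coverage_after_span(int sx0, int sx1, int px) {
    coverage_row row;
    memset(&row, 0, sizeof row);
    add_span_clamped(&row, sx0, sx1);
    return row.cov[px];
}

int main(void) {
    /* Constructed spans: left overhang, right overhang, fully off-surface. */
    int spans[3][2] = { { -6, 10 }, { 30, 40 }, { 40, 50 } };
    for (int i = 0; i < 3; i++) {
        coverage_row row;
        memset(&row, 0, sizeof row);
        printf("[%d,%d) leaves=%d recorded=%d\n", spans[i][0], spans[i][1],
               span_leaves_surface(spans[i][0], spans[i][1]),
               add_span_clamped(&row, spans[i][0], spans[i][1]));
    }
    return 0;
}
```

Zig's safe build modes turn an unclamped index of this kind into a panic, which is why the advisory singles out ReleaseFast and ReleaseSmall for memory corruption.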
Heap Based Buffer Overflow
Buffer Overflow
Affected Products
Z2D