Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-sm3b-d6tn-s3dq
Summary
z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, and higher-level operations when the anti-aliasing mode is set to `.default` (such as `Context.fill`, `Context.stroke`, `painter.fill`, and `painter.stroke`), the source surface can be completely out-of-bounds on the x-axis, but not on the y-axis, by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption.

This issue is patched in version `0.6.1`. Users on an untagged version after `v0.5.1` and before `v0.6.1` are advised to update to address the vulnerability. Those still on Zig `0.13.0` are recommended to downgrade to `v0.5.1`.
Aliases
0
alias CVE-2025-46333
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46333
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23541
published_at 2026-06-11T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23739
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46333
1
reference_url https://github.com/vancluever/z2d/issues/104
reference_id 104
reference_type
scores
0
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T21:36:42Z/
url https://github.com/vancluever/z2d/issues/104
2
reference_url https://github.com/vancluever/z2d/issues/105
reference_id 105
reference_type
scores
0
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T21:36:42Z/
url https://github.com/vancluever/z2d/issues/105
3
reference_url https://github.com/vancluever/z2d/security/advisories/GHSA-mm4c-p35v-7hx3
reference_id GHSA-mm4c-p35v-7hx3
reference_type
scores
0
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T21:36:42Z/
url https://github.com/vancluever/z2d/security/advisories/GHSA-mm4c-p35v-7hx3
Weaknesses
0
cwe_id 119
name Improper Restriction of Operations within the Bounds of a Memory Buffer
description The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
1
cwe_id 122
name Heap-based Buffer Overflow
description A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
2
cwe_id 190
name Integer Overflow or Wraparound
description The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Exploits
Severity_range_score7.3 - 7.3
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-sm3b-d6tn-s3dq