Reported

April 23, 2025

Issued

May 14, 2025

Package

macroquad (crates.io)

Type

INFO Unsound

Categories

• memory-corruption

Keywords

#buffer-overflow #use-after-free #undefined-behavior

References

• https://github.com/not-fl3/macroquad/issues/333
• https://github.com/not-fl3/macroquad/issues/634
• https://github.com/not-fl3/macroquad/issues/746
• https://github.com/not-fl3/macroquad/issues/723

Patched

no patched versions

Description

Several soundness issues have been reported. Resolving them doesn't seem to be considered a priority. In particular, unprincipled use of mutable statics is pervasive throughout the library, making it possible to cause use-after-free in safe code.

Currently, no fixed version is available.

Advisory available under CC0-1.0 license.