GHSA-gg76-hg3v-5q6c: 
Rust vulnerability analysis and mitigation

The macroquad library (version <= 0.4.14) contains multiple critical soundness issues that affect memory safety. The vulnerability, identified as GHSA-gg76-hg3v-5q6c, was published and reviewed on May 15, 2025. The issues primarily stem from unprincipled use of mutable statics throughout the library, which can lead to use-after-free vulnerabilities in safe code (Wiz, GitHub Advisory).

The vulnerability has a CVSS v4 base score of 8.7 (High severity). The main technical issues include unsound implementation of fn get_context() -> &'static mut, which can lead to multiple unique borrows of globally accessible state, potentially causing undefined behavior. The vulnerability requires no special privileges or user interaction to exploit, and can be triggered through network access. The implementation also contains issues with Image struct's public fields that can cause buffer overflows and undefined behavior through safe code (GitHub Advisory, RustSec Advisory).

The vulnerability primarily affects the availability of the system, with no direct impact on confidentiality or integrity. The issues can lead to memory corruption, use-after-free vulnerabilities, and undefined behavior in applications using the macroquad library. The vulnerability can cause program crashes and potential security implications due to memory safety violations (GitHub Advisory).

Currently, no fixed version is available, and resolving these issues doesn't appear to be considered a priority by the maintainers. Users of the library should be aware of the risks and consider alternative solutions or implement additional safety checks in their code (RustSec Advisory).