Full details not released yet, but a heap overflow leading to RCE has been reported in zlog up through the latest release, 1.2.17 (::gentoo has only 1.2.15). Upstream has not responded to private attempts for several months prior to the issue going public. CVE-2024-22857 has been reserved but not published yet at time of writing. This is distinct from https://bugs.gentoo.org/837518 for which a fix exists but dev-libs/zlog was never bumped. dev-libs/zlog has already started last-rites here: https://bugs.gentoo.org/925342
Thanks for reporting!
Package removed.