DEV Community

CVE Reports

Originally published at cvereports.com

GHSA-C55G-RP4X-FX84: Integer Overflow and Out-of-Bounds Access in DirectX Tool Kit SpriteFont Parser

Vulnerability ID: GHSA-C55G-RP4X-FX84
CVSS Score: 7.8
Published: 2026-05-18

The Microsoft DirectX Tool Kit (DirectXTK and DirectXTK12) contains an integer overflow vulnerability in its SpriteFont parsing implementation, specifically affecting 32-bit application builds. The flaw resides in the DirectX::BinaryReader::ReadArray template function, where a multiplication operation using 32-bit arithmetic wraps around when processing maliciously crafted .spritefont files. This miscalculation circumvents pointer arithmetic safety checks, leading to out-of-bounds memory access. Successful exploitation allows an attacker to achieve memory corruption or information disclosure within the application parsing the untrusted file.

TL;DR

A 32-bit integer overflow in the DirectX Tool Kit's BinaryReader::ReadArray function allows crafted .spritefont files to bypass size validation. This leads to heap buffer overflows or out-of-bounds reads when parsing maliciously structured font files on 32-bit architectures.
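
A minimal model of the arithmetic described above, added here as an illustration (it is not the DirectXTK source or the code from the fix commit). Offsets are uint32_t to mimic a 32-bit size_t on any build host; Span32, the function names, the file size and the record size are assumptions made for the example.

```cpp
#include <cstdint>
#include <cstdio>

// Model of a reader over a file buffer on a 32-bit target: offsets and sizes
// are uint32_t so the arithmetic wraps the same way on any build host.
struct Span32 {
    uint32_t pos;  // current read offset
    uint32_t end;  // one past the last valid offset (file size)
};

// Weak pattern: the byte count is computed in 32 bits and can wrap to a small
// value, so the end-of-buffer comparison passes for a huge element count.
bool fits_wrapping(const Span32& s, uint32_t elemSize, uint32_t count) {
    uint32_t bytes  = elemSize * count;  // wraps modulo 2^32
    uint32_t newPos = s.pos + bytes;     // may wrap a second time
    if (newPos < s.pos) return false;    // only catches the addition wrapping
    return newPos <= s.end;
}

// Hardened pattern: no multiplication; compare the requested count against
// the number of whole elements the remaining bytes can hold.
bool fits_checked(const Span32& s, uint32_t elemSize, uint32_t count) {
    if (elemSize == 0 || s.pos > s.end) return false;
    return count <= (s.end - s.pos) / elemSize;
}

// Equivalent guard with widening: a 32x32-bit product cannot wrap in 64 bits.
bool fits_widened(const Span32& s, uint32_t elemSize, uint32_t count) {
    if (s.pos > s.end) return false;
    uint64_t bytes = uint64_t(elemSize) * count;
    return bytes <= uint64_t(s.end - s.pos);
}

int main() {
    const Span32 file{16, 4096};      // constructed: 4 KiB file, 16 bytes consumed
    const uint32_t recordSize = 32;   // constructed record size, not the real format
    const uint32_t counts[] = {100, 128, 0x08000001u, 0x10000000u};
    for (uint32_t c : counts)
        std::printf("count=%#x wrapping=%d checked=%d widened=%d\n", c,
                    fits_wrapping(file, recordSize, c),
                    fits_checked(file, recordSize, c),
                    fits_widened(file, recordSize, c));
}
```

The two large counts are accepted by the wrapping check and rejected by both hardened forms, which is the behaviour to look for when reviewing similar size checks in 32-bit builds.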


Technical Details

  • CWE ID: CWE-190
  • Attack Vector: Local/Remote via Crafted File
  • CVSS Score: 7.8
  • Vulnerability Impact: Out-of-Bounds Memory Access
  • Architecture Dependency: 32-bit only (x86, ARM32)
  • Exploit Status: None documented

Affected Systems

  • Microsoft DirectXTK (32-bit builds)
  • Microsoft DirectXTK12 (32-bit builds)
  • Applications parsing .spritefont files using affected library versions
  • DirectXTK: < May 2026 (Fixed in: May 2026)
  • DirectXTK12: < May 2026 (Fixed in: May 2026)

Code Analysis

Commit: ef1bd5d

Fix integer overflow in BinaryReader::ReadArray

Mitigation Strategies

  • Update to the May 2026 release of DirectXTK and DirectXTK12.
  • Migrate application compilation targets from 32-bit (x86/ARM32) to 64-bit (x64/ARM64).
  • Implement file size and structural bounds validation for user-supplied asset files before parsing.

Remediation Steps:

  1. Identify all projects utilizing the DirectXTK or DirectXTK12 libraries.
  2. Update the dependency references or source submodules to the May 2026 release tags.
  3. Clean the build environment and recompile the entire application to ensure the updated BinaryReader.h template is instantiated.
  4. Deploy the updated 32-bit binaries to end-users.
