.spritefont multiply overflow only in 32-bit builds

Moderate
chuckw-alt published GHSA-5r97-79vw-qvm4 May 11, 2026

Package

nuget directxtk12_desktop_win10 (NuGet)

Affected versions

< 2026.4.1.1

Patched versions

2026.5.8.1

Package

nuget directxtk12_uwp (NuGet)

Affected versions

< 2026.4.1.1

Patched versions

2026.5.8.1

Description

Impact

The spritefont reader can be induced to perform a multiplication that overflows in 32-bit arithmetic, which could in theory result in remote code execution (RCE).

This affects the file-loading constructor of the DirectX Tool Kit SpriteFont class when it is given untrusted data files.

Note that this only applies to x86/ARM builds of the library. Native ARM64 and x64 builds are not subject to this issue.
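
Why a length multiply can pass a bounds check on 32-bit builds but not on 64-bit ones, and the kind of guard that rejects it, shown as an added example (not DirectX Tool Kit code and not the fix commit). `Record`, `array_fits_naive`, `checked_mul`, `array_fits` and all values are constructed for illustration, and the example assumes the length is computed in `size_t`, modelled here by `SizeT`.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical fixed-size record, standing in for an entry in a binary asset file.
struct Record { uint32_t v[5]; };
static_assert(sizeof(Record) == 20, "constructed example assumes 20-byte records");

// Naive bounds check: multiply first, compare afterwards.
// SizeT models size_t: uint32_t on x86/ARM builds, uint64_t on x64/ARM64.
template <typename SizeT>
bool array_fits_naive(uint32_t count, SizeT elemSize, SizeT remaining) {
    SizeT bytes = static_cast<SizeT>(count) * elemSize;  // may wrap modulo 2^N
    return bytes <= remaining;
}

// Guarded multiply: reports failure instead of wrapping.
template <typename SizeT>
bool checked_mul(SizeT a, SizeT b, SizeT& out) {
    if (b != 0 && a > std::numeric_limits<SizeT>::max() / b) return false;
    out = a * b;
    return true;
}

// Hardened bounds check: reject the file if count * elemSize overflows
// or exceeds the bytes actually left in the input buffer.
template <typename SizeT>
bool array_fits(uint32_t count, SizeT elemSize, SizeT remaining) {
    SizeT bytes = 0;
    if (!checked_mul<SizeT>(static_cast<SizeT>(count), elemSize, bytes)) return false;
    return bytes <= remaining;
}

int main() {
    const uint32_t count = 214748365u;  // constructed: count * 20 == 2^32 + 4
    const uint32_t left = 64u;          // constructed: bytes remaining in the buffer
    std::printf("naive, 32-bit size_t:   %d\n",
                array_fits_naive<uint32_t>(count, sizeof(Record), left));
    std::printf("naive, 64-bit size_t:   %d\n",
                array_fits_naive<uint64_t>(count, sizeof(Record), left));
    std::printf("checked, 32-bit size_t: %d\n",
                array_fits<uint32_t>(count, sizeof(Record), left));
    return 0;
}
```

With a 32-bit `SizeT` the naive check accepts the oversized count because the product wraps to 4 bytes; the 64-bit instantiation and the checked version both reject it.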

Patches

This bug has been fixed in the May 7, 2026 release. Alternatively, you can just update your copy of the reader as per this commit.

Workarounds

This does not apply if your .spritefont files are all 'trusted' data that was included with your application. It is primarily an issue only if you are using user-provided or network-downloaded spritefont files.

Severity

Moderate

CVE ID

No known CVE

Weaknesses

No CWEs