{"uuid": "7cdbbae7-8d98-4e04-af5e-161cb3f19374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-5R97-79VW-QVM4", "type": "seen", "source": "https://gist.github.com/alon710/437f2e5c2f0622a4f1f7e66c52bc342f", "content": "# GHSA-5R97-79VW-QVM4: GHSA-5r97-79vw-qvm4: Integer Overflow and Memory Corruption in Microsoft DirectXTK12 SpriteFont Parser\n\n> **CVSS Score:** 5.3\n> **Published:** 2026-05-18\n> **Full Report:** https://cvereports.com/reports/GHSA-5R97-79VW-QVM4\n\n## Summary\nAn integer overflow vulnerability exists in the 32-bit builds of the Microsoft DirectX Tool Kit for DirectX 12 (DirectXTK12). By supplying a crafted .spritefont file, an attacker can trigger out-of-bounds memory operations, potentially leading to memory corruption and remote code execution.\n\n## TL;DR\n32-bit DirectXTK12 builds suffer from an integer overflow in BinaryReader::ReadArray. Malicious .spritefont files can bypass internal bounds checks, causing memory corruption and out-of-bounds reads.\n\n## Technical Details\n\n- **CWE ID**: CWE-190: Integer Overflow or Wraparound\n- **Attack Vector**: Network / Local File (AV:N)\n- **CVSS 4.0 Score**: 5.3 (Medium)\n- **Impact**: Memory Corruption, Out-of-bounds Read, Potential RCE\n- **Exploit Status**: No known public exploits (None)\n- **Architectural Scope**: Affects 32-bit only (x86/ARM)\n\n## Affected Systems\n\n- Microsoft DirectX Tool Kit for DirectX 12 (DirectXTK12)\n- directxtk12_desktop_win10 NuGet Package\n- directxtk12_uwp NuGet Package\n- 32-bit (x86/ARM) Windows Environments\n- **directxtk12_desktop_win10**: < 2026.5.8.1 (Fixed in: `2026.5.8.1`)\n- **directxtk12_uwp**: < 2026.5.8.1 (Fixed in: `2026.5.8.1`)\n\n## Mitigation\n\n- Update NuGet packages `directxtk12_desktop_win10` and `directxtk12_uwp` to the patched versions.\n- Migrate build targets from 32-bit (x86/ARM32) to 64-bit (x64/ARM64) architectures.\n- Restrict .spritefont loading to trusted, internally bundled application assets.\n\n**Remediation Steps:**\n1. Identify all projects utilizing Microsoft DirectX Tool Kit for DirectX 12.\n2. Update package references in Visual Studio or relevant package managers to version 2026.5.8.1.\n3. Recompile all 32-bit targets and deploy the updated binaries.\n4. Audit asset-loading pathways to verify that no user-supplied .spritefont files are parsed by the application.\n\n## References\n\n- [GitHub Security Advisory: GHSA-5r97-79vw-qvm4](https://github.com/microsoft/DirectXTK12/security/advisories/GHSA-5r97-79vw-qvm4)\n- [DirectXTK12 Fix Commit](https://github.com/microsoft/DirectXTK12/commit/c037a024a7ed3b2162fa2bbbe209b84ba2904494)\n- [DirectXTK12 May 2026 Release](https://github.com/microsoft/DirectXTK12/releases/tag/may2026)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-5R97-79VW-QVM4) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-18T16:10:50.000000Z"}