PT-2026-44436 — Integer Overflow in Nuget Directxtk12 Desktop Win10+1

PT-2026-44436 · Nuget · Directxtk12 Desktop Win10+1

Published

2026-05-18

Updated

2026-05-18

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Impact

The spritefont reader can be induced to perform a 32-bit overflow multiply that could in theory result in a RCE.

This impacts the use of the DirectX Tool Kit SpriteFont class file loading ctor if given untrusted data files.

Note this only applies to x86/ARM builds of the library. ARM64 and x64 native is not subject to this issue.

Patches

This bug has been fixed in the May 7, 2026 release. Alternatively, you can just update your copy of the reader as per this commit.

Workarounds

This does not apply if a project's .spritefont files are all 'trusted' data that were included with an application. It's primarily an issue only if developers are using user-provided or network downloaded spritefont files.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

GHSA-5R97-79VW-QVM4

Affected Products

Directxtk12 Desktop Win10

Directxtk12 Uwp