JLSEC-2026-127

SDLttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTFRenderText_Solid(). This vulnerability is triggered via a crafted TTF file.