Report

GRUB2 CVE-2022-2601 - Heap Overflow in PF2 Font Glyph Loading via Integer Overflow

c8d5b3a4-986b-41d9-9414-a86ace5eaa0f

GRUB2 versions up to 2.06 have a heap buffer overflow vulnerability in the font rendering module when processing crafted PF2 (portable font 2) font files. The vulnerability occurs in the grub_font_get_glyph_internal() function when loading glyph bitmap data. The width and height fields from the font file are multiplied to calculate the bitmap size, but this multiplication can overflow when both values are large (e.g., 0xFFFF each), resulting in an undersized heap allocation. The subsequent file read operation then overflows the allocated buffer.
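The size calculation described above, as an added C example that is not GRUB's code and not part of the original report: it contrasts an unchecked length computation with a checked one that also bounds the copy by the input length. The 32-bit signed arithmetic, 1-bit-per-pixel packing, `HDR_SIZE`, the record layout, the function names and the `max_w`/`max_h` limits are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE 16u  /* hypothetical per-glyph header size, not GRUB's */

/* Model of the unchecked pattern, assuming 32-bit signed arithmetic and
   1 bit per pixel: large dimensions wrap, so the length is wrong. */
static int32_t unchecked_bitmap_len(uint16_t w, uint16_t h)
{
    int32_t bits = (int32_t)((uint32_t)w * (uint32_t)h);  /* wraps, no UB */
    return (bits + 7) / 8;
}

/* Checked form: 0 on success, -1 if a dimension exceeds the caller's
   limit or any step of the size computation would overflow. */
static int checked_glyph_size(uint16_t w, uint16_t h, uint16_t max_w,
                              uint16_t max_h, size_t *bitmap, size_t *total)
{
    size_t bits;
    if (w > max_w || h > max_h) return -1;
    if (__builtin_mul_overflow((size_t)w, (size_t)h, &bits)) return -1;
    if (__builtin_add_overflow(bits, (size_t)7, &bits)) return -1;
    *bitmap = bits / 8;
    return __builtin_add_overflow((size_t)HDR_SIZE, *bitmap, total) ? -1 : 0;
}

/* Constructed record layout: be16 width, be16 height, then bitmap bytes. */
static uint8_t *load_glyph(const uint8_t *rec, size_t rec_len,
                           uint16_t max_w, uint16_t max_h, size_t *bitmap)
{
    size_t total;
    if (rec_len < 4) return NULL;
    uint16_t w = (uint16_t)((rec[0] << 8) | rec[1]);
    uint16_t h = (uint16_t)((rec[2] << 8) | rec[3]);
    if (checked_glyph_size(w, h, max_w, max_h, bitmap, &total)) return NULL;
    if (*bitmap > rec_len - 4) return NULL;  /* copy length must fit input */
    uint8_t *g = calloc(1, total);
    if (g) memcpy(g + HDR_SIZE, rec + 4, *bitmap);
    return g;
}

int main(void)
{
    const uint8_t bad[] = {0xFF, 0xFF, 0xFF, 0xFF, 0x00};  /* constructed */
    size_t n = 0;
    /* Exit status 0 means the 0xFFFF x 0xFFFF record was rejected. */
    return load_glyph(bad, sizeof bad, 64, 64, &n) != NULL;
}
```

The `__builtin_*_overflow` helpers are GCC and Clang built-ins; the checked path rejects the glyph instead of allocating from a wrapped size, and it never copies more bytes than the record actually contains.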