CoreGraphics can be made to write out-of-bounds memory when rendering a specially crafted font. This vulnerability can also be triggered through Safari. The vulnerability was confirmed on macOS Big Sur version 11.1.
e8027d05a6dd6acb716ee4876e073b6e72b34b7dfda2f94a9e8c4770517e1ddd