CVE-2020-15999
- CVSS v3.1: 6.5 (Medium)
- CVSS v2.0: 4.3 (Medium)
- EPSS: 2.92 % (91st)
- Affected Products: 5
- Advisories: 51
- NVD Status: Analyzed

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Weaknesses
- CWE-787: Out-of-bounds Write
- CVE Status: PUBLISHED
- NVD Status: Analyzed
- CNA: Chrome
- Published Date: 2020-11-03 03:15:14 (3 years ago)
- Updated Date: 2024-07-25 17:25:29 (7 weeks ago)

Google Chrome FreeType Heap Buffer Overflow Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description: Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
- Required Action: Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns: Unknown
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-15999
- Vendor
- Product: Chrome FreeType
- In CISA Catalog from: 2021-11-03 (2 years ago)
- Due Date: 2021-11-17 (2 years ago)