A remote attacker could entice a user to open a specially crafted font file using FreeType possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All FreeType users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.10.3-r1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/freetype< 2.10.3-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-libs/freetype	< 2.10.3-r1	UNKNOWN

checkpoint_advisories 1

gitlab 4

nessus 69

githubexploit 3

osv 10

github 1

centos 1

amazon 1

fedora 3

suse 13

oraclelinux 2

thn 5

prion 1

veracode 2

cloudfoundry 1

debian 4

redhat 12

cbl_mariner 2

qualysblog 2

ubuntucve 1

rocky 1

ubuntu 2

debiancve 1

mageia 1

malwarebytes 2

threatpost 4

almalinux 1

archlinux 3

redhatcve 1

alpinelinux 1

f5 1

cve 1

slackware 1

gentoo 3

freebsd 2

photon 5

attackerkb 2

cisa_kev 1

ibm 3

krebs 1

ics 1

kaspersky 5

chrome 1

googleprojectzero 2

mozilla 3

altlinux 2

mscve 1

checkpoint_advisories

Google Chrome Memory Corruption (CVE-2020-15999)

2020-10-24 00:00:00

gitlab

Out-of-bounds Write

2020-10-27 00:00:00

Out-of-bounds Write

2020-10-27 00:00:00

Out-of-bounds Write

2020-10-27 00:00:00

nessus

RHEL 7 : freetype (RHSA-2020:4907)

2020-11-04 00:00:00

NewStart CGSL CORE 5.05 / MAIN 5.05 : freetype Vulnerability (NS-SA-2021-0144)

2021-10-27 00:00:00

RHEL 8 : freetype (RHSA-2020:4950)

2020-11-05 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Google Chrome

2020-10-28 16:16:25

Exploit for Out-of-bounds Write in Google Chrome

2020-12-30 18:02:23

Exploit for Out-of-bounds Write in Google Chrome

2020-12-30 19:58:33

osv

freetype - security update

2020-10-25 00:00:00

Important: freetype security update

2020-11-05 08:26:43

freetype - security update

2020-10-21 00:00:00

github

Heap buffer overflow in CefSharp

2020-10-27 19:47:38

centos

freetype security update

2020-11-06 21:57:09

amazon

Important: freetype

2020-12-08 20:55:00

fedora

[SECURITY] Fedora 31 Update: freetype-2.10.0-4.fc31

2020-11-07 01:28:39

[SECURITY] Fedora 33 Update: freetype-2.10.4-1.fc33

2020-10-25 01:01:39

[SECURITY] Fedora 32 Update: freetype-2.10.4-1.fc32

2020-10-25 01:21:04

suse

Security update for freetype2 (important)

2020-10-26 00:00:00

Security update for freetype2 (important)

2020-10-25 00:00:00

Security update for chromium (important)

2020-10-24 00:00:00

oraclelinux

freetype security update

2020-11-06 00:00:00

freetype security update

2020-11-13 00:00:00

thn

New Chrome 0-day Under Active Attacks – Update Your Browser Now

2020-10-21 16:26:00

WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild

2020-11-02 09:43:00

New Chrome Zero-Day Under Active Attacks – Update Your Browser

2020-11-03 09:33:00

prion

Heap overflow

2020-11-03 03:15:00

veracode

Heap Buffer Overflow

2020-11-05 03:17:59

Heap Buffer Overflow

2020-10-25 12:34:11

cloudfoundry

USN-4593-1: FreeType vulnerability | Cloud Foundry

2020-11-19 00:00:00

debian

[SECURITY] [DSA 4777-1] freetype security update

2020-10-21 19:00:07

[SECURITY] [DLA 2415-1] freetype security update

2020-10-25 21:59:56

[SECURITY] [DSA 4777-1] freetype security update

2020-10-21 19:00:07

redhat

(RHSA-2020:4907) Important: freetype security update

2020-11-04 09:39:15

(RHSA-2020:4952) Important: freetype security update

2020-11-05 08:26:43

(RHSA-2020:4951) Important: freetype security update

2020-11-05 08:24:50

cbl_mariner

CVE-2020-15999 affecting package freetype 2.9.1-5

2022-04-09 06:51:42

CVE-2020-15999 affecting package freetype 2.9.1-4

2022-03-19 16:40:53

qualysblog

Vulnerability Detection Pipeline (Beta)

2020-09-16 17:43:34

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

ubuntucve

CVE-2020-15999

2020-10-20 00:00:00

rocky

freetype security update

2020-11-05 08:26:43

ubuntu

FreeType vulnerability

2020-10-22 00:00:00

FreeType vulnerability

2020-10-20 00:00:00

debiancve

CVE-2020-15999

2020-11-03 03:15:00

mageia

Updated freetype2 packages fix security vulnerability

2020-10-20 19:22:12

malwarebytes

Google patches actively exploited zero-day bug that affects Chrome users

2020-10-26 10:58:14

Update your Chrome again as Google patches second zero-day in two weeks

2020-11-03 18:30:00

threatpost

Microsoft IE Browser Death March Hastens

2020-10-26 22:26:57

Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

2020-11-10 21:12:21

Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser

2020-10-21 12:23:29

almalinux

Important: freetype security update

2020-11-05 08:26:43

archlinux

[ASA-202010-10] freetype2: arbitrary code execution

2020-10-20 00:00:00

[ASA-202010-11] lib32-freetype2: arbitrary code execution

2020-10-20 00:00:00

[ASA-202011-12] firefox: multiple issues

2020-11-17 00:00:00

redhatcve

CVE-2020-15999

2020-10-21 18:33:33

alpinelinux

CVE-2020-15999

2020-11-03 03:15:00

K000133070 : Freetype vulnerability CVE-2020-15999

2023-03-20 00:00:00

cve

CVE-2020-15999

2020-11-03 03:15:00

slackware

[slackware-security] freetype

2020-10-20 22:26:01

gentoo

Opera: Multiple Vulnerabilities

2024-01-15 00:00:00

Chromium, Google Chrome: Multiple vulnerabilities

2020-11-11 00:00:00

Mozilla Thunderbird: Multiple vulnerabilities

2020-12-07 00:00:00

freebsd

freetype2 -- heap buffer overlfow

2020-10-20 00:00:00

chromium -- multiple vulnerabilities

2020-10-20 00:00:00

photon

Moderate Photon OS Security Update - PHSA-2022-0442

2022-02-16 00:00:00

Critical Photon OS Security Update - PHSA-2022-0364

2022-02-22 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0156

2022-02-25 00:00:00

attackerkb

CVE-2020-17087 Windows Kernel local privilege escalation 0day

2020-11-11 00:00:00

CVE-2020-15999 Chrome Freetype 0day

2020-11-03 00:00:00

cisa_kev

Google Chrome FreeType Heap Buffer Overflow Vulnerability

2021-11-03 00:00:00

ibm

Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-1971, CVE-2020-15999, CVE-2017-12652)

2021-08-16 07:01:26

Security Bulletin: IBM Analyst's Notebook Premium uses a component with known vulnerabilities (CVE-2020-16013, CVE-2020-16009, CVE-2020-15999)

2021-07-23 15:10:10

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.5 ESR + CVE-2020-26951) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0

2021-02-25 07:21:06

krebs

Patch Tuesday, November 2020 Edition

2020-11-11 01:56:41

ics

Rockwell Automation Connected Components Workbench

2023-09-21 12:00:00

kaspersky

KLA12013 Multiple vulnerabilities in Opera

2020-10-29 00:00:00

KLA11986 Multiple vulnerabilities in Google Chrome

2020-10-20 00:00:00

KLA12012 Multiple vulnerabilities in Mozilla Thunderbird

2020-11-17 00:00:00

chrome

Stable Channel Update for Desktop

2020-10-20 00:00:00

googleprojectzero

In-the-Wild Series: October 2020 0-day discovery

2021-03-18 00:00:00

Déjà vu-lnerability

2021-02-03 00:00:00

mozilla

Security Vulnerabilities fixed in Thunderbird 78.5 — Mozilla

2020-11-17 00:00:00

Security Vulnerabilities fixed in Firefox ESR 78.5 — Mozilla

2020-11-17 00:00:00

Security Vulnerabilities fixed in Firefox 83 — Mozilla

2020-11-17 00:00:00

altlinux

Security fix for the ALT Linux 10 package thunderbird version 78.5.0-alt1

2020-11-19 00:00:00

Security fix for the ALT Linux 10 package firefox-esr version 78.5.0-alt1

2020-11-16 00:00:00

mscve

Chromium Security Updates for Microsoft Edge (Chromium-Based)

2020-01-28 08:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.026 Low

EPSS

Percentile

90.0%

JSON

Related for GLSA-202010-07