A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png as libpng uses the original 32-bit values, which are saved in png_struct. If the original width and/or height are greater than 65535, the allocated buffer won’t be able to fit the bitmap. (CVE-2020-15999)

OSVersionArchitecturePackageVersionFilename
Mageia7noarchfreetype2< 2.9.1-4.1freetype2-2.9.1-4.1.mga7
Mageia7noarchfreetype2< 2.9.1-4.1freetype2-2.9.1-4.1.mga7.tainted

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	freetype2	< 2.9.1-4.1	freetype2-2.9.1-4.1.mga7
Mageia	7	noarch	freetype2	< 2.9.1-4.1	freetype2-2.9.1-4.1.mga7.tainted

References

bugs.mageia.org/show_bug.cgi?id=27453

savannah.nongnu.org/bugs/?59308

security.archlinux.org/ASA-202010-10/generate

nessus 62

gitlab 4

oraclelinux 2

qualysblog 1

debian 3

ubuntu 2

gentoo 4

rocky 1

ubuntucve 1

redhat 8

openvas 29

debiancve 1

cbl_mariner 2

checkpoint_advisories 1

githubexploit 3

osv 9

centos 1

amazon 1

github 1

fedora 3

suse 12

thn 5

prion 1

veracode 2

cloudfoundry 1

f5 1

cve 1

slackware 1

freebsd 2

malwarebytes 2

threatpost 4

archlinux 3

almalinux 1

alpinelinux 1

redhatcve 1

photon 5

cisa_kev 1

attackerkb 2

ibm 3

krebs 1

ics 1

kaspersky 3

chrome 1

googleprojectzero 1

mozilla 2

altlinux 2

nessus

Amazon Linux 2 : freetype (ALAS-2020-1565)

2020-12-09 00:00:00

Debian DSA-4777-1 : freetype - security update

2020-10-23 00:00:00

RHEL 8 : freetype (RHSA-2020:4949)

2020-11-05 00:00:00

gitlab

Out-of-bounds Write

2020-10-27 00:00:00

Out-of-bounds Write

2020-10-27 00:00:00

Out-of-bounds Write

2020-10-27 00:00:00

oraclelinux

freetype security update

2020-11-13 00:00:00

freetype security update

2020-11-06 00:00:00

qualysblog

Vulnerability Detection Pipeline (Beta)

2020-09-16 17:43:34

debian

[SECURITY] [DLA 2415-1] freetype security update

2020-10-25 21:59:56

[SECURITY] [DSA 4777-1] freetype security update

2020-10-21 19:00:07

[SECURITY] [DSA 4777-1] freetype security update

2020-10-21 19:00:07

ubuntu

FreeType vulnerability

2020-10-22 00:00:00

FreeType vulnerability

2020-10-20 00:00:00

gentoo

FreeType: Arbitrary code execution

2020-10-23 00:00:00

Opera: Multiple Vulnerabilities

2024-01-15 00:00:00

Chromium, Google Chrome: Multiple vulnerabilities

2020-11-11 00:00:00

rocky

freetype security update

2020-11-05 08:26:43

ubuntucve

CVE-2020-15999

2020-10-20 00:00:00

redhat

(RHSA-2020:4951) Important: freetype security update

2020-11-05 08:24:50

(RHSA-2020:4952) Important: freetype security update

2020-11-05 08:26:43

(RHSA-2020:4907) Important: freetype security update

2020-11-04 09:39:15

openvas

Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2021-1652)

2021-03-12 00:00:00

Ubuntu: Security Advisory (USN-4593-2)

2022-08-26 00:00:00

Slackware: Security Advisory (SSA:2020-294-01)

2022-04-21 00:00:00

debiancve

CVE-2020-15999

2020-11-03 03:15:00

cbl_mariner

CVE-2020-15999 affecting package freetype 2.9.1-4

2022-03-19 16:40:53

CVE-2020-15999 affecting package freetype 2.9.1-5

2022-04-09 06:51:42

checkpoint_advisories

Google Chrome Memory Corruption (CVE-2020-15999)

2020-10-24 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Google Chrome

2020-10-28 16:16:25

Exploit for Out-of-bounds Write in Google Chrome

2020-12-30 19:58:33

Exploit for Out-of-bounds Write in Google Chrome

2020-12-30 18:02:23

osv

freetype - security update

2020-10-25 00:00:00

Important: freetype security update

2020-11-05 08:26:43

Android Impact

2021-01-01 00:00:00

centos

freetype security update

2020-11-06 21:57:09

amazon

Important: freetype

2020-12-08 20:55:00

github

Heap buffer overflow in CefSharp

2020-10-27 19:47:38

fedora

[SECURITY] Fedora 31 Update: freetype-2.10.0-4.fc31

2020-11-07 01:28:39

[SECURITY] Fedora 33 Update: freetype-2.10.4-1.fc33

2020-10-25 01:01:39

[SECURITY] Fedora 32 Update: freetype-2.10.4-1.fc32

2020-10-25 01:21:04

suse

Security update for freetype2 (important)

2020-10-26 00:00:00

Security update for freetype2 (important)

2020-10-25 00:00:00

Security update for chromium (important)

2020-10-24 00:00:00

thn

New Chrome 0-day Under Active Attacks – Update Your Browser Now

2020-10-21 16:26:00

WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild

2020-11-02 09:43:00

New Chrome Zero-Day Under Active Attacks – Update Your Browser

2020-11-03 09:33:00

prion

Heap overflow

2020-11-03 03:15:00

veracode

Heap Buffer Overflow

2020-11-05 03:17:59

Heap Buffer Overflow

2020-10-25 12:34:11

cloudfoundry

USN-4593-1: FreeType vulnerability | Cloud Foundry

2020-11-19 00:00:00

K000133070 : Freetype vulnerability CVE-2020-15999

2023-03-20 00:00:00

cve

CVE-2020-15999

2020-11-03 03:15:00

slackware

[slackware-security] freetype

2020-10-20 22:26:01

freebsd

freetype2 -- heap buffer overlfow

2020-10-20 00:00:00

chromium -- multiple vulnerabilities

2020-10-20 00:00:00

malwarebytes

Google patches actively exploited zero-day bug that affects Chrome users

2020-10-26 10:58:14

Update your Chrome again as Google patches second zero-day in two weeks

2020-11-03 18:30:00

threatpost

Microsoft IE Browser Death March Hastens

2020-10-26 22:26:57

Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

2020-11-10 21:12:21

Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser

2020-10-21 12:23:29

archlinux

[ASA-202010-11] lib32-freetype2: arbitrary code execution

2020-10-20 00:00:00

[ASA-202010-10] freetype2: arbitrary code execution

2020-10-20 00:00:00

[ASA-202011-12] firefox: multiple issues

2020-11-17 00:00:00

almalinux

Important: freetype security update

2020-11-05 08:26:43

alpinelinux

CVE-2020-15999

2020-11-03 03:15:00

redhatcve

CVE-2020-15999

2020-10-21 18:33:33

photon

Moderate Photon OS Security Update - PHSA-2022-0442

2022-02-16 00:00:00

Critical Photon OS Security Update - PHSA-2022-0364

2022-02-22 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0156

2022-02-25 00:00:00

cisa_kev

Google Chrome FreeType Heap Buffer Overflow Vulnerability

2021-11-03 00:00:00

attackerkb

CVE-2020-17087 Windows Kernel local privilege escalation 0day

2020-11-11 00:00:00

CVE-2020-15999 Chrome Freetype 0day

2020-11-03 00:00:00

ibm

Security Bulletin: IBM Analyst's Notebook Premium uses a component with known vulnerabilities (CVE-2020-16013, CVE-2020-16009, CVE-2020-15999)

2021-07-23 15:10:10

Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-1971, CVE-2020-15999, CVE-2017-12652)

2021-08-16 07:01:26

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.5 ESR + CVE-2020-26951) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0

2021-02-25 07:21:06

krebs

Patch Tuesday, November 2020 Edition

2020-11-11 01:56:41

ics

Rockwell Automation Connected Components Workbench

2023-09-21 12:00:00

kaspersky

KLA12013 Multiple vulnerabilities in Opera

2020-10-29 00:00:00

KLA11986 Multiple vulnerabilities in Google Chrome

2020-10-20 00:00:00

KLA12012 Multiple vulnerabilities in Mozilla Thunderbird

2020-11-17 00:00:00

chrome

Stable Channel Update for Desktop

2020-10-20 00:00:00

googleprojectzero

In-the-Wild Series: October 2020 0-day discovery

2021-03-18 00:00:00

mozilla

Security Vulnerabilities fixed in Thunderbird 78.5 — Mozilla

2020-11-17 00:00:00

Security Vulnerabilities fixed in Firefox ESR 78.5 — Mozilla

2020-11-17 00:00:00

altlinux

Security fix for the ALT Linux 10 package thunderbird version 78.5.0-alt1

2020-11-19 00:00:00

Security fix for the ALT Linux 10 package firefox-esr version 78.5.0-alt1

2020-11-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.026 Low

EPSS

Percentile

90.0%

JSON

Related for MGASA-2020-0389