Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CPENameOperatorVersion
debian_linuxeq10.0
fedoraeq31
freetypege2.6.0
freetypelt2.10.4
chromelt86.0.4240.111
backports_sleeq15.0 sp2

Name	Operator	Version
debian_linux	eq	10.0
fedora	eq	31
freetype	ge	2.6.0
freetype	lt	2.10.4
chrome	lt	86.0.4240.111
backports_sle	eq	15.0 sp2

References

lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html

seclists.org/fulldisclosure/2020/Nov/33

chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

crbug.com/1139963

googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/

security.gentoo.org/glsa/202011-12

security.gentoo.org/glsa/202012-04

security.gentoo.org/glsa/202401-19

www.debian.org/security/2021/dsa-4824

checkpoint_advisories 1

nessus 62

githubexploit 3

osv 9

openvas 29

github 1

centos 1

amazon 1

gitlab 4

fedora 3

oraclelinux 2

thn 5

veracode 2

debian 3

cloudfoundry 1

redhat 8

cbl_mariner 2

suse 12

f5 1

cve 1

freebsd 2

ubuntu 2

gentoo 4

slackware 1

malwarebytes 2

threatpost 4

alpinelinux 1

redhatcve 1

archlinux 3

almalinux 1

qualysblog 1

ubuntucve 1

mageia 1

rocky 1

debiancve 1

photon 5

attackerkb 2

ibm 3

cisa_kev 1

krebs 1

ics 1

kaspersky 3

chrome 1

googleprojectzero 1

mozilla 2

altlinux 2

checkpoint_advisories

Google Chrome Memory Corruption (CVE-2020-15999)

2020-10-24 00:00:00

nessus

NewStart CGSL CORE 5.05 / MAIN 5.05 : freetype Vulnerability (NS-SA-2021-0144)

2021-10-27 00:00:00

EulerOS 2.0 SP8 : freetype (EulerOS-SA-2020-2510)

2020-12-14 00:00:00

SUSE SLED15 / SLES15 Security Update : freetype2 (SUSE-SU-2020:2995-1)

2020-12-09 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Google Chrome

2020-10-28 16:16:25

Exploit for Out-of-bounds Write in Google Chrome

2020-12-30 19:58:33

Exploit for Out-of-bounds Write in Google Chrome

2020-12-30 18:02:23

osv

freetype - security update

2020-10-25 00:00:00

Important: freetype security update

2020-11-05 08:26:43

Android Impact

2021-01-01 00:00:00

openvas

openSUSE: Security Advisory for freetype2 (openSUSE-SU-2020:1744-1)

2020-10-27 00:00:00

Fedora: Security Advisory for freetype (FEDORA-2020-6b35849edd)

2020-11-07 00:00:00

Debian: Security Advisory (DSA-4777-1)

2020-10-23 00:00:00

github

Heap buffer overflow in CefSharp

2020-10-27 19:47:38

centos

freetype security update

2020-11-06 21:57:09

amazon

Important: freetype

2020-12-08 20:55:00

gitlab

Out-of-bounds Write

2020-10-27 00:00:00

Out-of-bounds Write

2020-10-27 00:00:00

Out-of-bounds Write

2020-10-27 00:00:00

fedora

[SECURITY] Fedora 31 Update: freetype-2.10.0-4.fc31

2020-11-07 01:28:39

[SECURITY] Fedora 33 Update: freetype-2.10.4-1.fc33

2020-10-25 01:01:39

[SECURITY] Fedora 32 Update: freetype-2.10.4-1.fc32

2020-10-25 01:21:04

oraclelinux

freetype security update

2020-11-06 00:00:00

freetype security update

2020-11-13 00:00:00

thn

New Chrome 0-day Under Active Attacks – Update Your Browser Now

2020-10-21 16:26:00

WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild

2020-11-02 09:43:00

New Chrome Zero-Day Under Active Attacks – Update Your Browser

2020-11-03 09:33:00

veracode

Heap Buffer Overflow

2020-11-05 03:17:59

Heap Buffer Overflow

2020-10-25 12:34:11

debian

[SECURITY] [DSA 4777-1] freetype security update

2020-10-21 19:00:07

[SECURITY] [DSA 4777-1] freetype security update

2020-10-21 19:00:07

[SECURITY] [DLA 2415-1] freetype security update

2020-10-25 21:59:56

cloudfoundry

USN-4593-1: FreeType vulnerability | Cloud Foundry

2020-11-19 00:00:00

redhat

(RHSA-2020:4907) Important: freetype security update

2020-11-04 09:39:15

(RHSA-2020:4952) Important: freetype security update

2020-11-05 08:26:43

(RHSA-2020:4950) Important: freetype security update

2020-11-05 08:24:47

cbl_mariner

CVE-2020-15999 affecting package freetype 2.9.1-5

2022-04-09 06:51:42

CVE-2020-15999 affecting package freetype 2.9.1-4

2022-03-19 16:40:53

suse

Security update for freetype2 (important)

2020-10-26 00:00:00

Security update for freetype2 (important)

2020-10-25 00:00:00

Security update for chromium (important)

2020-10-24 00:00:00

K000133070 : Freetype vulnerability CVE-2020-15999

2023-03-20 00:00:00

cve

CVE-2020-15999

2020-11-03 03:15:00

freebsd

freetype2 -- heap buffer overlfow

2020-10-20 00:00:00

chromium -- multiple vulnerabilities

2020-10-20 00:00:00

ubuntu

FreeType vulnerability

2020-10-20 00:00:00

FreeType vulnerability

2020-10-22 00:00:00

gentoo

Opera: Multiple Vulnerabilities

2024-01-15 00:00:00

FreeType: Arbitrary code execution

2020-10-23 00:00:00

Chromium, Google Chrome: Multiple vulnerabilities

2020-11-11 00:00:00

slackware

[slackware-security] freetype

2020-10-20 22:26:01

malwarebytes

Google patches actively exploited zero-day bug that affects Chrome users

2020-10-26 10:58:14

Update your Chrome again as Google patches second zero-day in two weeks

2020-11-03 18:30:00

threatpost

Microsoft IE Browser Death March Hastens

2020-10-26 22:26:57

Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

2020-11-10 21:12:21

Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser

2020-10-21 12:23:29

alpinelinux

CVE-2020-15999

2020-11-03 03:15:00

redhatcve

CVE-2020-15999

2020-10-21 18:33:33

archlinux

[ASA-202010-10] freetype2: arbitrary code execution

2020-10-20 00:00:00

[ASA-202010-11] lib32-freetype2: arbitrary code execution

2020-10-20 00:00:00

[ASA-202011-12] firefox: multiple issues

2020-11-17 00:00:00

almalinux

Important: freetype security update

2020-11-05 08:26:43

qualysblog

Vulnerability Detection Pipeline (Beta)

2020-09-16 17:43:34

ubuntucve

CVE-2020-15999

2020-10-20 00:00:00

mageia

Updated freetype2 packages fix security vulnerability

2020-10-20 19:22:12

rocky

freetype security update

2020-11-05 08:26:43

debiancve

CVE-2020-15999

2020-11-03 03:15:00

photon

Moderate Photon OS Security Update - PHSA-2022-0442

2022-02-16 00:00:00

Critical Photon OS Security Update - PHSA-2022-0364

2022-02-22 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0156

2022-02-25 00:00:00

attackerkb

CVE-2020-15999 Chrome Freetype 0day

2020-11-03 00:00:00

CVE-2020-17087 Windows Kernel local privilege escalation 0day

2020-11-11 00:00:00

ibm

Security Bulletin: IBM Analyst's Notebook Premium uses a component with known vulnerabilities (CVE-2020-16013, CVE-2020-16009, CVE-2020-15999)

2021-07-23 15:10:10

Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-1971, CVE-2020-15999, CVE-2017-12652)

2021-08-16 07:01:26

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.5 ESR + CVE-2020-26951) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0

2021-02-25 07:21:06

cisa_kev

Google Chrome FreeType Heap Buffer Overflow Vulnerability

2021-11-03 00:00:00

krebs

Patch Tuesday, November 2020 Edition

2020-11-11 01:56:41

ics

Rockwell Automation Connected Components Workbench

2023-09-21 12:00:00

kaspersky

KLA12013 Multiple vulnerabilities in Opera

2020-10-29 00:00:00

KLA11986 Multiple vulnerabilities in Google Chrome

2020-10-20 00:00:00

KLA12012 Multiple vulnerabilities in Mozilla Thunderbird

2020-11-17 00:00:00

chrome

Stable Channel Update for Desktop

2020-10-20 00:00:00

googleprojectzero

In-the-Wild Series: October 2020 0-day discovery

2021-03-18 00:00:00

mozilla

Security Vulnerabilities fixed in Thunderbird 78.5 — Mozilla

2020-11-17 00:00:00

Security Vulnerabilities fixed in Firefox ESR 78.5 — Mozilla

2020-11-17 00:00:00

altlinux

Security fix for the ALT Linux 10 package thunderbird version 78.5.0-alt1

2020-11-19 00:00:00

Security fix for the ALT Linux 10 package firefox-esr version 78.5.0-alt1

2020-11-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.026 Low

EPSS

Percentile

89.9%

JSON

Related for PRION:CVE-2020-15999