CVE-2020-15999

Description

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected packages (8)

• Alpine/freetypefrom 0, < 2.10.0-r1
• Debian/freetypefrom 0, < 2.10.2+dfsg-4
• Debian/freetypefrom 0, < 2.6.3-3.2+deb9u2
• Debian/freetypefrom 0, < 2.9.1-3+deb10u2
• NuGet/CefSharp.Commonfrom 0, < 85.3.130
• NuGet/CefSharp.WinFormsfrom 0, < 85.3.130
• NuGet/CefSharp.Wpffrom 0, < 85.3.130
• NuGet/CefSharp.Wpf.HwndHostfrom 0, < 85.3.130

CVSS scores

References (21)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-15999
• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2020-15999
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-15999
• PATCHhttps://github.com/cefsharp/CefSharp
• WEBhttp://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
• WEBhttps://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
• WEBhttps://crbug.com/1139963
• WEBhttp://seclists.org/fulldisclosure/2020/Nov/33
• WEBhttps://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62
• WEBhttps://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
• WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
• WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
• WEBhttps://security.gentoo.org/glsa/202011-12
• WEBhttps://security.gentoo.org/glsa/202012-04
• WEBhttps://security.gentoo.org/glsa/202401-19
• WEBhttps://security.netapp.com/advisory/ntap-20240812-0001
• WEBhttps://www.debian.org/security/2021/dsa-4824
• WEBhttps://www.nuget.org/packages/CefSharp.Common
• WEBhttps://www.nuget.org/packages/CefSharp.WinForms
• WEBhttps://www.nuget.org/packages/CefSharp.Wpf
• WEBhttps://www.nuget.org/packages/CefSharp.Wpf.HwndHost