CVE-2020-15999
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Public Exploits: 5
Exploited in Wild: Yes
Descriptions
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file.
FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png.
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Timeline
- 2020-07-27 CVE Reserved
- 2020-10-20 CVE Published
- 2020-11-03 First Exploit
- 2021-11-03 Exploited in Wild
- 2021-11-17 KEV Due Date
- 2024-08-12 CVE Updated
- 2024-10-10 EPSS Updated
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
References (15)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2020/Nov/33 | Mailing List | |
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://github.com/oxfemale/CVE-2020-15999 | 2020-11-03 | |
https://github.com/maarlo/CVE-2020-15999 | 2020-12-30 | |
https://github.com/Marmeus/CVE-2020-15999 | 2021-01-04 | |
https://crbug.com/1139963 | 2024-08-12 | |
https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html | 2024-08-12 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Google | Chrome | < 86.0.4240.111 | - | Affected |
Freetype | Freetype | >= 2.6.0 < 2.10.4 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |
Fedoraproject | Fedora | 31 | - | Affected |
Opensuse | Backports Sle | 15.0 | sp2 | Affected |