CVE-2020-15999: Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML…

critical9.6CVSS 3.1

AVNACLPRNUIRSCCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2021-11-17

Exploited in the wild

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	freetype	< freetype 2.10.2+dfsg-4 (bookworm)	freetype 2.10.2+dfsg-4 (bookworm)
fedoraproject	fedora	—	—
freetype	freetype	>= 0 < 2.10.2+dfsg-4	2.10.2+dfsg-4
freetype	freetype	>= 0 < 2.10.2+dfsg-4	2.10.2+dfsg-4
freetype	freetype	>= 0 < 2.10.2+dfsg-4	2.10.2+dfsg-4
freetype	freetype	>= 0 < 2.10.2+dfsg-4	2.10.2+dfsg-4
freetype	freetype	>= 2.6.0 < 2.10.4	2.10.4
google	android	—	—
google	chrome	< 86.0.4240.111	86.0.4240.111
google	chrome	>= unspecified < 86.0.4240.111	86.0.4240.111
google	chrome_chrome	—	—
mozilla	firefox	—	—
msrc	cbl2_freetype_2.11.1-1_on_cbl_mariner_2.0	—	—
msrc	cbl_mariner_1.0_arm	—	—
msrc	cbl_mariner_1.0_x64	—	—
msrc	cbl_mariner_2.0_arm	—	—
msrc	cbl_mariner_2.0_x64	—	—
msrc	cm1_freetype_2.11.1-1_on_cbl_mariner_1.0	—	—
opensuse	backports_sle	—	—
platform	external_freetype	>= 10:0 < 10:2021-01-01	10:2021-01-01
platform	external_freetype	>= 11:0 < 11:2021-01-01	11:2021-01-01
platform	external_freetype	>= 8.0:0 < 8.0:2021-01-01	8.0:2021-01-01
platform	external_freetype	>= 8.1:0 < 8.1:2021-01-01	8.1:2021-01-01
platform	external_freetype	>= 9:0 < 9:2021-01-01	9:2021-01-01

CVSS provenance

nvdv3.19.6CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

ghsa9.6CRITICAL

osv9.6CRITICAL

vulncheck9.6CRITICAL

cisa9.6CRITICAL