⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2021-11-17. Required action: Apply updates per vendor instructions.
Severity: 9.6 CRITICAL
EPSS: 92.9% (top 0.23%)
CISA KEV: Added 2021-11-03, Due 2021-11-17
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Nov 3
KEV added: Nov 3
KEV due: Nov 17

Description

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 6.0

Affected Packages (10 packages)

CVEListV5 | google/chrome | unspecified | 86.0.4240.111
NVD | google/chrome | < 86.0.4240.111
NVD | freetype/freetype | 2.6.0 | 2.10.4
Android | platform/external/freetype | 8.0:0 | 8.0:2021-01-01 | +4
Debian | freetype | < 2.10.2+dfsg-4 | +3

Also affects: Debian Linux 10.0, Fedora 31

🔴 Vulnerability Details (12)

Project0
In-the-Wild Series: October 2020 0-day discovery - Project Zero (2021-03-01)
Project0
Déjà vu-lnerability - Project Zero (2021-02-01)
OSV
CVE-2020-15999: In Load_SBit_Png of pngshim (2021-01-01)
CVEList
CVE-2020-15999: Heap buffer overflow in Freetype in Google Chrome prior to 86 (2020-11-03)
OSV
CVE-2020-15999: Heap buffer overflow in Freetype in Google Chrome prior to 86 (2020-11-03)

💥 Exploits & PoCs (1)

Exploit-DB
Cisco DCNM JBoss 10.4 - Credential Leakage (2020-01-08)

📋 Vendor Advisories (11)

CISA
Google Chrome FreeType Heap Buffer Overflow Vulnerability (2021-11-03)
Android
CVE-2020-15999: Android Security Bulletin 2021-01-01 CVE: CVE-2020-15999 Severity: MEDIUM Type: RCE Affected AOSP versions: 8 (2021-01-01)
Microsoft
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (2020-11-10)
Ubuntu
FreeType vulnerability (2020-10-22)
Chrome
Stable Channel Update for Desktop: CVE-2020-15999 (2020-10-20)

🕵️ Threat Intelligence (2)

Sentinelone
Privilege Escalation Using CVE-2020-17087 & CVE-2020-15999 (2020-11-04)

💬 Community (2)

Bugzilla
CVE-2020-15999 freetype: heap-based buffer overflow via malformed ttf files [fedora-all] (2020-10-21)
Bugzilla
CVE-2020-15999 freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (2020-10-21)