9.6

CVE-2020-15999

Warning
Exploit

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Data is provided by the National Vulnerability Database (NVD)
GoogleChrome Version < 86.0.4240.111
FreetypeFreetype Version >= 2.6.0 < 2.10.4
DebianDebian Linux Version10.0
FedoraprojectFedora Version31
OpensuseBackports Sle Version15.0 Updatesp2

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chrome FreeType Heap Buffer Overflow Vulnerability

Vulnerability

Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 92.97% 0.998
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.6 2.8 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.6 2.8 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.debian.org/security/2021/dsa-4824
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/Nov/33
Third Party Advisory
Mailing List
Not Applicable
https://crbug.com/1139963
Third Party Advisory
Exploit
Issue Tracking