Home

CVE-2020-15999

Description

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
92.905

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-16001,CVE-2020-16002,CVE-2020-16003 are affected in Google Chrome 86.0.4240.110 (x64)Windows
Vulnerabilities CVE-2020-16001,CVE-2020-16002,CVE-2020-16003 are affected in Google Chrome 86.0.4240.110Windows
Vulnerabilities CVE-2020-15999 are fixed in Google Chrome (x64) (86.0.4240.111)Windows
Vulnerabilities CVE-2020-15999 are fixed in Google Chrome (86.0.4240.111)Windows
Vulnerabilities CVE-2020-15999 are fixed in Nuget - CefSharp.Common 85.3.130Windows
Vulnerabilities CVE-2020-15999 are fixed in Nuget - CefSharp.WinForms 85.3.130Windows
Vulnerabilities CVE-2020-15999 are fixed in Nuget - CefSharp.Wpf 85.3.130Windows
Vulnerabilities CVE-2020-15999 are fixed in Nuget - CefSharp.Wpf.HwndHost 85.3.130Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (83.0)Mac
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac (78.5.0)Mac
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac (78.5.1)Mac
Vulnerabilities CVE-2020-16000,CVE-2020-16001,CVE-2020-16002,CVE-2020-15999,CVE-2020-16003 are fixed in Google Chrome For Mac (86.0.4240.111)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 78.5Mac
FreeType 2 is a font engine library (USN-4593-1) libfreetype6_2.8.1-2ubuntu2.1_i386.debLinux
FreeType 2 is a font engine library (USN-4593-1) libfreetype6_2.8.1-2ubuntu2.1_amd64.debLinux
FreeType 2 is a font engine library (USN-4593-1) libfreetype6_2.10.1-2ubuntu0.1_i386.debLinux
FreeType 2 is a font engine library (USN-4593-1) libfreetype6_2.10.1-2ubuntu0.1_amd64.debLinux
FreeType 2 is a font engine library (USN-4593-1) libfreetype6_2.6.1-0.1ubuntu2.5_i386.debLinux
FreeType 2 is a font engine library (USN-4593-1) libfreetype6_2.6.1-0.1ubuntu2.5_amd64.debLinux
(RHSA-2020:4351) chromium-browser security update chromium-browser-86.0.4240.111-1.el6_10.i686.rpmLinux
(RHSA-2020:4351) chromium-browser security update chromium-browser-86.0.4240.111-1.el6_10.x86_64.rpmLinux
SUSE-SU-2020:2998-1(SUSE Linux Enterprise Server 12-SP5 ) freetype2-debugsource-2.6.3-7.18.1.x86_64.rpmLinux
SUSE-SU-2020:2998-1(SUSE Linux Enterprise Server 12-SP5 ) ft2demos-2.6.3-7.18.1.x86_64.rpmLinux
SUSE-SU-2020:2998-1(SUSE Linux Enterprise Server 12-SP5 ) libfreetype6-2.6.3-7.18.1.x86_64.rpmLinux
SUSE-SU-2020:2998-1(SUSE Linux Enterprise Server 12-SP5 ) libfreetype6-32bit-2.6.3-7.18.1.x86_64.rpmLinux
SUSE-SU-2020:2998-1(SUSE Linux Enterprise Server 12-SP5 ) libfreetype6-debuginfo-2.6.3-7.18.1.x86_64.rpmLinux
SUSE-SU-2020:2998-1(SUSE Linux Enterprise Server 12-SP5 ) libfreetype6-debuginfo-32bit-2.6.3-7.18.1.x86_64.rpmLinux
(RHSA-2020:4907) freetype security update freetype-2.8-14.el7_9.1.i686.rpmLinux
(RHSA-2020:4907) freetype security update freetype-2.8-14.el7_9.1.x86_64.rpmLinux
(RHSA-2020:4907) freetype security update freetype-demos-2.8-14.el7_9.1.x86_64.rpmLinux
(RHSA-2020:4907) freetype security update freetype-devel-2.8-14.el7_9.1.i686.rpmLinux
(RHSA-2020:4907) freetype security update freetype-devel-2.8-14.el7_9.1.x86_64.rpmLinux
(RHSA-2020:4952) freetype security update freetype-2.9.1-4.el8_3.1.i686.rpmLinux
(RHSA-2020:4952) freetype security update freetype-2.9.1-4.el8_3.1.x86_64.rpmLinux
(RHSA-2020:4952) freetype security update freetype-debugsource-2.9.1-4.el8_3.1.i686.rpmLinux
(RHSA-2020:4952) freetype security update freetype-debugsource-2.9.1-4.el8_3.1.x86_64.rpmLinux
(RHSA-2020:4952) freetype security update freetype-devel-2.9.1-4.el8_3.1.i686.rpmLinux
(RHSA-2020:4952) freetype security update freetype-devel-2.9.1-4.el8_3.1.x86_64.rpmLinux
SUSE-SU-2020:3548-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-78.5.0-112.36.1.x86_64.rpmLinux
SUSE-SU-2020:3548-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-debuginfo-78.5.0-112.36.1.x86_64.rpmLinux
SUSE-SU-2020:3548-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-debugsource-78.5.0-112.36.1.x86_64.rpmLinux
SUSE-SU-2020:3548-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-devel-78.5.0-112.36.1.x86_64.rpmLinux
SUSE-SU-2020:3548-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-translations-common-78.5.0-112.36.1.x86_64.rpmLinux
chromium security update(DSA-4824-1) chromium_87.0.4280.88-0.4~deb10u1_i386.debLinux
chromium security update(DSA-4824-1) chromium_87.0.4280.88-0.4~deb10u1_amd64.debLinux
(CESA-2020:4907) freetype security update freetype-2.8-14.el7_9.1.x86_64.rpmLinux
(CESA-2020:4907) freetype security update freetype-demos-2.8-14.el7_9.1.x86_64.rpmLinux
(CESA-2020:4907) freetype security update freetype-devel-2.8-14.el7_9.1.x86_64.rpmLinux
(RHSA-2020:4907)Important: security update freetype-debuginfo-2.8-14.el7_9.1.i686.rpmLinux
(RHSA-2020:4907)Important: security update freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpmLinux
Vulnerabilities CVE-2020-15999 are fixed in Nuget - CefSharp.Common for Linux 85.3.130Linux
Vulnerabilities CVE-2020-15999 are fixed in Nuget - CefSharp.WinForms for Linux 85.3.130Linux
Vulnerabilities CVE-2020-15999 are fixed in Nuget - CefSharp.Wpf for Linux 85.3.130Linux
Vulnerabilities CVE-2020-15999 are fixed in Nuget - CefSharp.Wpf.HwndHost for Linux 85.3.130Linux
freetype Security Update (ALAS2023-2023-074) freetype-2.12.1-3.amzn2023.0.1.x86_64.rpmLinux
freetype Security Update (ALAS2023-2023-074) freetype-demos-2.12.1-3.amzn2023.0.1.x86_64.rpmLinux
freetype Security Update (ALAS2023-2023-074) freetype-devel-2.12.1-3.amzn2023.0.1.x86_64.rpmLinux
Out-of-bounds Write Vulnerability (CVE-2020-15999)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343228Google Chrome (x64) (131.0.6778.85, 131.0.6778.86)
PATCH-343227Google Chrome (131.0.6778.85, 131.0.6778.86)
PATCH-328098Google Chrome (x64) (108.0.5359.125)
PATCH-328097Google Chrome (108.0.5359.125)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611353Mozilla Thunderbird For Mac (128.12.0)
PATCH-611353Mozilla Thunderbird For Mac (128.12.0)
PATCH-609673Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234