CVE-2020-15999
In short
A flaw in the font-handling library (Freetype) used by Chrome allows an attacker to corrupt computer memory through a specially designed webpage. This could enable the attacker to execute malicious code or crash the browser.
Technical detail
A heap buffer overflow in Freetype's font parsing allows a remote attacker to write beyond allocated memory boundaries via crafted HTML. Exploitation requires the user to visit a malicious webpage; successful exploitation results in heap corruption, leading to potential code execution or denial of service.
Summary generated and translated by AI from the official description.
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · Chrome
public PoCs found — 3
github.com/oxfemale/CVE-2020-15999 ★ 3
github.com/Marmeus/CVE-2020-15999 ★ 2
github.com/maarlo/CVE-2020-15999 ★ 1
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
https://crbug.com/1139963
http://seclists.org/fulldisclosure/2020/Nov/33
https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/
https://security.gentoo.org/glsa/202011-12
https://security.gentoo.org/glsa/202012-04
https://security.gentoo.org/glsa/202401-19
https://security.netapp.com/advisory/ntap-20240812-0001/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-15999
https://www.debian.org/security/2021/dsa-4824