CVE-2020-15999
Description
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
CISA KEV
- Vendor
- Product: Chrome FreeType
- Due date: 2021-11-17
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Fixed | 83.0-1 |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.10.2+dfsg-4 |
| sid | Fixed | 2.10.2+dfsg-4 |
| forky | Fixed | 2.10.2+dfsg-4 |
| bullseye | Fixed | 2.10.2+dfsg-4 |
| bookworm | Fixed | 2.10.2+dfsg-4 |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | - |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | - |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| NuGet | CefSharp.Common | <85.3.130 | 85.3.130 |
| NuGet | CefSharp.Wpf | <85.3.130 | 85.3.130 |
| NuGet | CefSharp.WinForms | <85.3.130 | 85.3.130 |
| NuGet | CefSharp.Wpf.HwndHost | <85.3.130 | 85.3.130 |
References
- https://security.archlinux.org/ASA-202011-12
- https://security.archlinux.org/ASA-202010-11
- https://security.archlinux.org/ASA-202010-10
- https://www.suse.com/security/cve/CVE-2020-15999.html
- https://security-tracker.debian.org/tracker/CVE-2020-15999
- https://errata.rockylinux.org/RLSA-2020:4952
- https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62
- https://nvd.nist.gov/vuln/detail/CVE-2020-15999
- https://www.nuget.org/packages/CefSharp.Wpf.HwndHost
- https://www.nuget.org/packages/CefSharp.Wpf
- https://www.nuget.org/packages/CefSharp.WinForms
- https://www.nuget.org/packages/CefSharp.Common
- https://www.debian.org/security/2021/dsa-4824
- https://security.netapp.com/advisory/ntap-20240812-0001
- https://security.gentoo.org/glsa/202401-19
- https://security.gentoo.org/glsa/202012-04
- https://security.gentoo.org/glsa/202011-12
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
- https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
- https://github.com/cefsharp/CefSharp
- https://crbug.com/1139963
- https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
- http://seclists.org/fulldisclosure/2020/Nov/33