CVE-2020-15999

Published: 2020-11-03 Updated: 2021-02-11
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Heap buffer overflow in FreeType's handling of embedded PNG bitmaps (Load_SBit_Png), as bundled in Google Chrome before 86.0.4240.111, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page that loads a malformed font. Google reported that an exploit for this bug existed in the wild at the time of the fix.


Vulnerable Products

Google Chrome

FreeType (freetype2)

Debian Linux 10.0

Fedora 31

openSUSE Backports SLE 15.0

Vendor Advisories

Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: An update for freetype is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Debian Bug report logs - #972586 freetype: CVE-2020-15999: buffer overflow in Load_SBit_Png. Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlook.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 20 Oct 2020 19:09:02 UTC; Severity: grave; Tags: pending, security ...
Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: An update for freetype is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: An update for freetype is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: An update for freetype is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: An update for freetype is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Sergei Glazunov discovered a heap-based buffer overflow vulnerability in the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in version 2.9.1-3+deb10u2. We recommend that you upgrade your freety ...
Synopsis: Important: chromium-browser security update. Type/Severity: Security Advisory: Important. Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Synopsis: Moderate: OpenShift Container Platform 4.5.21 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.5.21 is now available with updates to packages and images that fix several bugs. This release includes a security update for opensh ...
Arch Linux Security Advisory ASA-202010-11 ========================================== Severity: High Date : 2020-10-20 CVE-ID : CVE-2020-15999 Package : lib32-freetype2 Type : arbitrary code execution Remote : Yes Link : security.archlinux.org/AVG-1255 Summary ======= The package lib32-freetype2 before version 2.10.4-1 is vuln ...
Arch Linux Security Advisory ASA-202010-10 ========================================== Severity: High Date : 2020-10-20 CVE-ID : CVE-2020-15999 Package : freetype2 Type : arbitrary code execution Remote : Yes Link : security.archlinux.org/AVG-1254 Summary ======= The package freetype2 before version 2.10.4-1 is vulnerable to ar ...
A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png ...
Synopsis: Moderate: OpenShift Container Platform 4.5.20 bug fix and golang security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.5.20 is now available with updates to packages and images that fix several bugs. This release includes a security update for ...
The stable channel has been updated to 86.0.4240.111 for Windows, Mac & Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach ...
Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-26951, CVE-2020-16012, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-15999, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020-26968 ...
Arch Linux Security Advisory ASA-202011-12 ========================================== Severity: Critical Date : 2020-11-17 CVE-ID : CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26952 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26962 CVE-2020-26963 CVE ...
Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure. For the stable distribution (buster), these problems have been fixed in version 87.0.4280.88-0.4~deb10u1. We recommend that you upgrade your chromium packages. For the detailed sec ...
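Worked Example

The summary and the advisories above describe the bug only as a heap overflow in Load_SBit_Png when a font carries embedded PNG bitmaps (an sbix table with "png " glyph records). The scanner below is an added example, not code from FreeType, Chrome or any repository listed on this page. It walks an sfnt's sbix table, reads each PNG glyph's IHDR, and compares the dimensions a pre-2.10.4 FreeType would have used to size the bitmap with the dimensions the PNG decoder would actually write. The pre-fix sizing is modelled, not reproduced: the 32-bit PNG width and height were stored into 16-bit bitmap metrics (so 0x10001 became 1) and the size limit was checked on those truncated values, while the decoder still wrote the full-size image. The minimal font builder, the `FT_RASTER_LIMIT` constant and the two sample fonts are constructed for the demonstration; real fonts carry many more tables than the two the scanner needs.

```python
"""Scan an sfnt font's 'sbix' table for PNG glyphs whose IHDR dimensions would
have been truncated by FreeType before 2.10.4 (added example; the pre-fix sizing
is a model of the bug, not FreeType's code)."""
import struct
import zlib

FT_USHORT_MAX = 0xFFFF
FT_RASTER_LIMIT = 0x7FFF          # assumed bitmap size limit used by the check
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_chunk(tag, payload):
    crc = zlib.crc32(tag + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + tag + payload + struct.pack(">I", crc)


def png_header_only(width, height):
    """A PNG cut off after IHDR: enough for a header scanner (constructed)."""
    return PNG_SIG + png_chunk(b"IHDR", struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0))


def png_dimensions(data):
    """(width, height) from IHDR, or None if data is not a PNG."""
    if len(data) < 29 or data[:8] != PNG_SIG:
        return None
    length, tag = struct.unpack(">I4s", data[8:16])
    if tag != b"IHDR" or length != 13:
        return None
    return struct.unpack(">II", data[16:24])


def build_font(glyph_pngs):
    """Constructed minimal sfnt with only 'maxp' and 'sbix' (one strike).
    glyph_pngs: one entry per glyph id, PNG bytes or None for no bitmap."""
    n = len(glyph_pngs)
    maxp = struct.pack(">IH", 0x00005000, n)            # version 0.5, numGlyphs
    base, records, offsets = 4 + 4 * (n + 1), b"", []   # offsets are strike-relative
    for png in glyph_pngs:
        offsets.append(base + len(records))
        if png is not None:                             # originX, originY, graphicType, data
            records += struct.pack(">hh4s", 0, 0, b"png ") + png
    offsets.append(base + len(records))
    strike = struct.pack(">HH", 72, 72) + struct.pack(">%dI" % len(offsets), *offsets) + records
    sbix = struct.pack(">HHII", 1, 1, 1, 12) + strike   # version, flags, numStrikes, strikeOffsets[0]
    tables = [(b"maxp", maxp), (b"sbix", sbix)]
    directory = struct.pack(">IHHHH", 0x00010000, len(tables), 0, 0, 0)
    body = b""
    for tag, data in tables:
        directory += struct.pack(">4sIII", tag, 0, 12 + 16 * len(tables) + len(body), len(data))
        body += data + b"\0" * (-len(data) % 4)
    return directory + body


def font_tables(font):
    """Map table tag -> table bytes from the sfnt table directory."""
    num_tables = struct.unpack(">H", font[4:6])[0]
    tables = {}
    for i in range(num_tables):
        tag, _csum, off, length = struct.unpack(">4sIII", font[12 + 16 * i:28 + 16 * i])
        tables[tag] = font[off:off + length]
    return tables


def sbix_png_glyphs(font):
    """Yield (strike, glyph_id, png_bytes) for each 'png ' glyph record in 'sbix'."""
    tables = font_tables(font)
    if b"sbix" not in tables or b"maxp" not in tables:
        return
    num_glyphs = struct.unpack(">H", tables[b"maxp"][4:6])[0]
    sbix = tables[b"sbix"]
    num_strikes = struct.unpack(">I", sbix[4:8])[0]
    for si, soff in enumerate(struct.unpack(">%dI" % num_strikes, sbix[8:8 + 4 * num_strikes])):
        offs = struct.unpack(">%dI" % (num_glyphs + 1), sbix[soff + 4:soff + 8 + 4 * num_glyphs])
        for gid in range(num_glyphs):
            start, end = soff + offs[gid], soff + offs[gid + 1]
            if end - start >= 8 and sbix[start + 4:start + 8] == b"png ":
                yield si, gid, sbix[start + 8:end]


def assess(width, height):
    """Pre-fix sizing (16-bit truncated metrics) versus a check on the full 32-bit values."""
    tw, th = width & FT_USHORT_MAX, height & FT_USHORT_MAX
    vuln_accepts = tw <= FT_RASTER_LIMIT and th <= FT_RASTER_LIMIT
    fixed_accepts = width <= FT_RASTER_LIMIT and height <= FT_RASTER_LIMIT
    return {
        "allocated_bytes": tw * 4 * th if vuln_accepts else 0,   # BGRA buffer from truncated dims
        "decoded_bytes": width * 4 * height,                     # what the decoder writes
        "fixed_accepts": fixed_accepts,
        "overflow": vuln_accepts and (tw, th) != (width, height),
    }


def scan_font(font):
    """Findings: (strike, glyph_id, (width, height), assessment) per hostile PNG glyph."""
    findings = []
    for si, gid, png in sbix_png_glyphs(font):
        dims = png_dimensions(png)
        if dims is not None and assess(*dims)["overflow"]:
            findings.append((si, gid, dims, assess(*dims)))
    return findings


# constructed samples: a benign 32x32 glyph and a hostile 0x10001 x 8 one
BENIGN_FONT = build_font([png_header_only(32, 32)])
HOSTILE_FONT = build_font([None, png_header_only(0x10001, 8)])

if __name__ == "__main__":
    for name, font in (("benign", BENIGN_FONT), ("hostile", HOSTILE_FONT)):
        print(name, scan_font(font))
```

For a real file, pass `open(path, "rb").read()` to `scan_font`. The hostile sample is flagged because the truncated metrics (1 x 8) pass the limit check and size a 32-byte buffer while the decoder would write 0x10001 x 4 x 8 bytes; a check on the full IHDR values rejects it. This is a header-level triage check for fonts, not a substitute for upgrading FreeType to 2.10.4 or Chrome to 86.0.4240.111 as the advisories above direct.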

Mailing Lists

Hi list, Debugged this issue, but somehow cannot trigger the crash in Chrome. Seems like the font is loaded without correct flags or it was a different font I saw in the debugger :) Anybody had success with this bug? Feel free to reply here or DM. My notes: github.com/marcinguy/CVE-2020-15999 Thanks, _______________________________________ ...
Hi List, Maybe you will find this interesting/useful. Below is the TCMalloc tool that can inspect TCMalloc allocations: github.com/marcinguy/tcmalloc-inspector Here is my attempt to do the same for Chromium (Chrome) based browsers, since they also use a tuned/adjusted TCMalloc. However, without success. Let me know if you know how to fi ...
Before making this release, Werner said: But distros should be warned that 2.10.3 and later may break the build of ghostscript, due to ghostscript's use of a withdrawn macro that wasn't intended for external usage: bugs.ghostscript.com/show_bug.cgi?id=702985 lists.nongnu.org/archive/html/freetype-devel/2020-10/msg00002.html Gho ...

Github Repositories

CVE-2020-15999

CVE-2020-15999 CVE-2020-15999 Added font with SBIX table (based on Arial) - docs.microsoft.com/en-us/typography/opentype/spec/sbix Crashes in ftview (asan.png) but somehow cannot bring Chrome to crash. Flags are also not correctly set so load_sbit_image() is also not called. Weird. Calling it like this: index.html <html> <head>

All the materials needed for the PoC in Chrome and ftview

CVE-2020-15999 Here you will find all the resources needed to run the PoC for CVE-2020-15999 in Google Chrome and ftview (Ubuntu). There are two folders in this repository, one for each program. Google Chrome: to reproduce the exploit you will have to install a Google Chrome version earlier than 86.0.4240.111. In my case I used version 85.0.4183.121

Repository with a script that exploits the vulnerability CVE-2020-15999

CVE-2020-15999 Repository with a script that exploits the vulnerability CVE-2020-15999. Execution: run the following command to exploit the vulnerability: bash run.sh

Summary of all security news published to the Alpha Lab WeChat public account in 2020

Welcome to follow the Alpha Lab WeChat public account. 2020-12-31 [Vulnerability] The 10 most severe CVEs added in 2020 blog.detectify.com/2020/12/30/top-10-critical-cves-added-in-2020/ UAF vulnerability in Chromium RawClipboardHostImpl bugs.chromium.org/p/chromium/issues/detail?id=1101509 [Tool] Sarenka: OSINT tool that gathers data from services such as shodan and censys in one place

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android

Recent Articles

Google: Better patching could have prevented 1 in 4 zero‑days last year
welivesecurity • 04 Feb 2021

Google’s Project Zero team revealed that a quarter of zero-day exploits detected in 2020 could have been prevented had the vendors issued proper patches for the underlying security flaws. In its Year in Review blog post, the team said that of the 24 zero-days that were detected in the wild, six were related to previously disclosed vulnerabilities.
“Some of these 0-day exploits only had to change a line or two of code to have a new working 0-day exploit,” said Maddie Stone, a Project ...

Google patches two new zero‑day flaws in Chrome
welivesecurity • 12 Nov 2020

Google has patched two new zero-day vulnerabilities in its Chrome web browser, bringing to five the number of fixes for actively-exploited bugs in the browser over the past three weeks.
“Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild,” said Google about the vulnerabilities affecting the browser’s Windows, macOS, and Linux versions. Details about the security loopholes remain sparse, although the tech giant did disclose that both are c...

Google fixes more Chrome zero-days exploited in the wild
BleepingComputer • Sergiu Gatlan • 12 Nov 2020

Google has released Chrome 86.0.4240.198 for Windows, Mac, and Linux to address two zero-day vulnerabilities exploited in the wild.
Google Chrome 86.0.4240.198 will roll out over the coming days. To upgrade, you have to go to Settings -> Help -> 'About Google Chrome' to allow the browser to automatically check for the new update and install it when available.
The two security flaws were reported to Google by anonymous researchers, but the company did not provide any info...

Microsoft Patch Tuesday fixes 17 critical flaws, Windows zero‑day
welivesecurity • 11 Nov 2020

It’s that time of the month again when Microsoft rolls out patches for security vulnerabilities in Windows and other software. This time round, the patch bundle brings fixes for no fewer than 112 security vulnerabilities, including a Windows zero-day bug that was disclosed last month and is being actively exploited in the wild.
The flaw, tracked as CVE-2020-17087 and ranked as “important” on the CVSS scale, resides in the Windows Kernel Cryptography Driver. It is an elevation of ...

Microsoft emits 112 security hole fixes – including the cure for a Google-disclosed kernel vuln exploited in the wild
The Register • Thomas Claburn in San Francisco • 11 Nov 2020

Android, Adobe, SAP, Red Hat join the bug-busting party

Patch Tuesday Microsoft published fixes for 112 software vulnerabilities for its November Patch Tuesday, 17 of which have been rated critical.
Of the remainder, 93 are rated important, and two are rated low severity.
Fifteen Microsoft products are affected, including: Microsoft Windows, Office, Internet Explorer, Edge (EdgeHTML and Chromium), ChakraCore, Exchange Server, Dynamics, Windows Codecs Library, Azure Sphere, Windows Defender, Teams, Azure SDK, Azure DevOps, and Visual Studi...

Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Threatpost • Tom Spring • 10 Nov 2020

Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, 112 vulnerabilities were patched by Microsoft, with 93 rated important, and two rated low in severity.
Tracked as CVE-2020-17087, one Windows kernel local elevation of privilege vulnerability was red-flagged by Microsoft as being actively exploited in the wild. Last week, the bug was di...

Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits
Threatpost • Elizabeth Montalbano • 03 Nov 2020

Flaws in Google’s Chrome desktop and Android-based browsers were patched Monday in an effort to prevent known exploits from being used by attackers. Two separate security bulletins issued by Google warned that it is aware of reports that exploits for both exist in the wild. Google’s Project Zero went one step further and asserted that both bugs are actively being exploited.
In its Chrome browser update for Windows, Mac and Linux, Google said that version 86.0.4240.183 fixes 10 vulnerab...

Google discloses Windows zero‑day bug exploited in the wild
welivesecurity • 02 Nov 2020

UPDATE (November 11th, 2020): As expected, Microsoft rolled out a fix for the vulnerability in the November 2020 Patch Tuesday release.
Google’s Project Zero researchers have disclosed details about a zero-day vulnerability in Windows that they say is being exploited by attackers.
The memory-corruption flaw resides in the Windows Kernel Cryptography Driver (cng.sys) and, according to Google, “constitutes a locally accessible attack surface that can be exploited for privilege esca...

Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers
The Register • Thomas Claburn in San Francisco • 30 Oct 2020

Chocolate Factory spills beans early on privilege-escalation flaw

Google's Project Zero bug-hunting team has disclosed a Windows kernel flaw that's being actively exploited by miscreants to gain control of computers.
The web giant's bug report was privately disclosed to Microsoft on October 22, and publicly revealed just seven days later, after it detected persons unknown exploiting the programming blunder. The privilege-escalation issue was identified by Mateusz Jurczyk and Sergei Glazunov of Google Project Zero.
"The Windows Kernel Cryptography D...

Microsoft IE Browser Death March Hastens
Threatpost • Tom Spring • 26 Oct 2020

As the death of the once dominant Internet Explorer (IE) draws closer, Microsoft is quickly pounding more nails into the browser’s coffin.
On Monday, Microsoft hastened its IE-to-Edge browser-transition strategy and announced new controls for users and IT staff when it comes to how the lame-duck browser will handle a growing list of websites incompatible with IE. Those include YouTube, Twitter, Yahoo Mail and 1,153 other leading internet destinations.
Microsoft also announced that ...

Google patches Chrome zero‑day under attack
welivesecurity • 21 Oct 2020

Google has rolled out an update to its Chrome web browser that fixes five security flaws, including a vulnerability that is known to be actively exploited by attackers.
“Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild,” said Google about the zero-day flaw in FreeType, a widely used software development library that is also a Chrome component. The bug in this font rendering library affects the browser versions for Windows, macOS, and Linux.
The fla...

Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
Threatpost • Elizabeth Montalbano • 21 Oct 2020

Google released an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild.
Security researcher Sergei Glazunov of Google Project Zero discovered the bug, which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov informed Google of the vulnerability on Monday. Project Zero is an internal security team at the company aimed at finding...

New Google Chrome version fixes actively exploited zero-day bug
BleepingComputer • Sergiu Gatlan • 20 Oct 2020

Google has released Chrome 86.0.4240.111 today, October 20th, 2020, to the Stable desktop channel to address five security vulnerabilities, one of them an actively exploited zero-day bug.
"Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild," the Google Chrome 86.0.4240.111 announcement reads.
This version is rolling out to the entire userbase during the next days/weeks. Windows, Mac, and Linux desktop users can upgrade to Chrome 86 by going to <...

Top tip, everyone: Chinese hackers are hitting these 25 vulns, so make sure you patch them ASAP, says NSA
The Register • Iain Thomson in San Francisco • 20 Oct 2020

Plus this Chrome one being exploited in the wild, we note

The NSA has blown the lid off 25 computer security vulnerabilities Chinese government hackers are using to break into networks, steal data, and so on. The US super-spies said they went public with their list to help IT staff prioritize bug fixing. That is to say: if you're unsure of which patches to apply, do these first.
The cynical among you may be thinking the NSA has found other bugs to exploit in the world's computer systems, so y'all might as well go ahead and patch the ones the Chin...

Firefox 83 boosts security with HTTPS-Only mode, zero-day fix
BleepingComputer • Lawrence Abrams

Mozilla Firefox 83 was released today with a new feature called 'HTTPS-Only Mode' that secures your browsing sessions by rewriting URLs to secure HTTPS versions.
Windows, Mac, and Linux desktop users can upgrade to Firefox 83 by going to -> -> . The browser will automatically check for the new update and install it when available.
With the release of Firefox 83, all other Firefox development branches have also moved up a version bringing Firefox Beta to...
