
CVE-2020-15999

Published: 03/11/2020 Updated: 15/02/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Heap buffer overflow in Freetype in Google Chrome before 86.0.4240.111 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Vulnerability Trend

Vulnerable Products

Google Chrome

FreeType

Debian Linux 10.0

Fedora 31

openSUSE Backports SLE 15.0

Vendor Advisories

Debian Bug report logs - #972586 freetype: CVE-2020-15999: buffer overflow in Load_SBit_Png. Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlook.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Tue, 20 Oct 2020 19:09:02 UTC. Severity: grave. Tags: pending, security ...
Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: An update for freetype is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Moderate: OpenShift Container Platform 4.5.20 bug fix and golang security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.5.20 is now available with updates to packages and images that fix several bugs. This release includes a security update for ...
Synopsis: Moderate: OpenShift Container Platform 4.5.21 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.5.21 is now available with updates to packages and images that fix several bugs. This release includes a security update for opensh ...
Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: An update for freetype is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: An update for freetype is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: An update for freetype is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Important: chromium-browser security update. Type/Severity: Security Advisory: Important. Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: An update for freetype is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure. For the stable distribution (buster), these problems have been fixed in version 87.0.4280.88-0.4~deb10u1. We recommend that you upgrade your chromium packages. For the detailed sec ...
Sergei Glazunov discovered a heap-based buffer overflow vulnerability in the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in version 2.9.1-3+deb10u2. We recommend that you upgrade your freety ...
Heap buffer overflow in FreeType in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page (CVE-2020-15999) ...
A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png ...
Mozilla Foundation Security Advisory 2020-50: Security Vulnerabilities fixed in Firefox 83. Announced November 17, 2020. Impact: high. Products: Firefox. Fixed in Firefox 83 ...
Mozilla Foundation Security Advisory 2020-52: Security Vulnerabilities fixed in Thunderbird 78.5. Announced November 17, 2020. Impact: high. Products: Thunderbird. Fixed in Thunderbird 78.5 ...
Mozilla Foundation Security Advisory 2020-51: Security Vulnerabilities fixed in Firefox ESR 78.5. Announced November 17, 2020. Impact: high. Products: Firefox ESR. Fixed in Firefox ESR 78.5 ...
The stable channel has been updated to 86.0.4240.111 for Windows, Mac & Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach ...
A heap buffer overflow leading to an out-of-bounds write was found in FreeType. Memory allocation based on truncated PNG width and height values allows an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file (CVE-2020-15999) ...
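The two advisory summaries above describe the root cause in one sentence each: the PNG header's 32-bit width and height were narrowed to 16-bit sbit metrics, the destination bitmap was allocated from the narrowed values, and the PNG decoder then wrote rows of the header's true width. The model below is an added example written for this page; it is not FreeType's pngshim.c and its type names and the MAX_DIM constant are assumptions standing in for FreeType's FT_UShort metrics and its bitmap size limit. It puts the vulnerable ordering (truncate, then range-check the truncated copies) next to the hardened ordering (range-check the 32-bit header values first, which is what the FreeType 2.10.4 fix did by testing the bitmap size earlier), and reports whether the decoder's write would exceed the planned buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the CVE-2020-15999 bug class. Not FreeType source;
 * the 16-bit metrics type and MAX_DIM are assumptions for illustration. */
#define MAX_DIM 0x7FFFu

typedef struct {
    uint16_t width;    /* 16-bit glyph metrics, the narrowing point */
    uint16_t height;
} Metrics;

typedef struct {
    uint32_t width;
    uint32_t rows;
    uint32_t pitch;    /* bytes per row: 4 bytes per BGRA pixel */
    size_t   size;     /* bytes the decode buffer would be allocated with */
} Bitmap;

typedef int (*plan_fn)(uint32_t, uint32_t, Metrics *, Bitmap *);

/* Vulnerable ordering: narrow the IHDR dimensions to 16 bits, derive the
 * bitmap from the narrowed copies, and only then apply the size limit.
 * An IHDR width of 0x10001 becomes 1, passes the check, and plans a
 * 4-byte row while the decoder will emit 0x10001 pixels per row. */
static int plan_vulnerable(uint32_t img_w, uint32_t img_h, Metrics *m, Bitmap *b)
{
    m->width  = (uint16_t)img_w;       /* silent truncation */
    m->height = (uint16_t)img_h;
    b->width  = m->width;
    b->rows   = m->height;
    b->pitch  = b->width * 4u;
    if (b->rows > MAX_DIM || b->width > MAX_DIM)   /* checks the truncated values */
        return -1;
    b->size = (size_t)b->pitch * b->rows;
    return 0;
}

/* Hardened ordering: reject oversized 32-bit header values before any
 * narrowing, so the planned buffer always matches what the decoder writes. */
static int plan_fixed(uint32_t img_w, uint32_t img_h, Metrics *m, Bitmap *b)
{
    if (img_h > MAX_DIM || img_w > MAX_DIM)        /* checks the real values */
        return -1;
    m->width  = (uint16_t)img_w;       /* now provably lossless */
    m->height = (uint16_t)img_h;
    b->width  = m->width;
    b->rows   = m->height;
    b->pitch  = b->width * 4u;
    b->size   = (size_t)b->pitch * b->rows;
    return 0;
}

/* Bytes a PNG decoder writes for a 32-bit-per-pixel image of the header's true size. */
static uint64_t decoder_writes(uint32_t img_w, uint32_t img_h)
{
    return (uint64_t)img_w * 4u * (uint64_t)img_h;
}

/* Planned buffer size for a header, or 0 when the plan rejects it. */
static size_t planned_size(plan_fn plan, uint32_t img_w, uint32_t img_h)
{
    Metrics m; Bitmap b;
    memset(&m, 0, sizeof m);
    memset(&b, 0, sizeof b);
    return plan(img_w, img_h, &m, &b) == 0 ? b.size : 0;
}

/* 0 = header rejected, 1 = accepted and the buffer fits,
 * 2 = accepted but the decoder would write past the end of the buffer. */
static int classify(plan_fn plan, uint32_t img_w, uint32_t img_h)
{
    Metrics m; Bitmap b;
    memset(&m, 0, sizeof m);
    memset(&b, 0, sizeof b);
    if (plan(img_w, img_h, &m, &b) != 0)
        return 0;
    return decoder_writes(img_w, img_h) > b.size ? 2 : 1;
}

int main(void)
{
    /* Constructed IHDR dimensions: a benign glyph, two widths chosen so the
     * low 16 bits are small, and one whose truncated width still trips the limit. */
    struct { uint32_t w, h; } cases[] = { {64, 64}, {0x10001u, 1}, {0x10040u, 3}, {0x1FFFFu, 2} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t w = cases[i].w, h = cases[i].h;
        printf("IHDR %ux%u: vulnerable=%d (buffer %zu bytes, decoder writes %llu) fixed=%d\n",
               w, h, classify(plan_vulnerable, w, h), planned_size(plan_vulnerable, w, h),
               (unsigned long long)decoder_writes(w, h), classify(plan_fixed, w, h));
    }
    return 0;
}
```

The last constructed case shows why a post-truncation check is not merely useless but misleading: widths in 0x8000..0xFFFF are still rejected, so a test corpus of merely "large" images passes while an attacker picks a value whose low 16 bits are tiny. When auditing similar code, look for the narrowing cast and ask whether every bound check reads the wide value or the narrow one.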

Mailing Lists

Full Disclosure mailing list archives: Chrome heap buffer overflow in freetype2 CVE-2020-15999. From: M ...
oss-sec mailing list archives: Re: CVE-2020-15999 fixed in FreeType 2.10.4. From: Werner LEMBERG <wl ...
oss-sec mailing list archives: CVE-2020-15999 fixed in FreeType 2.10.4. From: Alan Coopersmith <alan ...

Github Repositories

CVE-2020-15999

CVE-2020-15999. Added font with SBIX table (based on Arial) - docs.microsoft.com/en-us/typography/opentype/spec/sbix. Crashes in ftview (asan.png) but somehow cannot bring Chrome to crash. Flags are also not correctly set, so load_sbit_image() is also not called. Weird. Calling it like this: index.html <html> <head>

All the materials needed for the PoC in Chrome and ftview

CVE-2020-15999. Here you will find all the resources needed to run the PoC for CVE-2020-15999 in Google Chrome and ftview (Ubuntu). There are two folders in this repository, one for each program. Google Chrome: to reproduce the exploit you will have to install a Google Chrome version earlier than 86.0.4240.111. In my case I used version 85.0.4183.121.

simplified grype CLI

vuln-scanner. Description: This is a command line interface tool based on @anchore's grype. It scans an SBOM file and reports the vulnerabilities found in the image. This tool has its benefits over grype: it is less resource intensive and has a simple and easy to use interface. Installation: $ git clone $ cd vuln-scanner $ go build -o vuln-scanner

Repository with a script that exploits CVE-2020-15999

CVE-2020-15999. Repository with a script that exploits CVE-2020-15999. Execution: run the following command to exploit the vulnerability: bash run.sh

Web browser vulnerability detection automation project (vulnerability analysis track). Team BOB-Jour set out, as a BoB (Best of the Best) project, to detect web browser vulnerabilities using automation over roughly three months. Overview: the goal of the project is to use automation for Chrome browser bug hunting and to raise awareness in the browser security market

FreeType Fuzzer

Glitch - FreeType Mutator. Glitch is a mutator for fuzzing FreeType in Chrome. Its purpose is to detect vulnerabilities that can arise for reasons similar to the root cause of CVE-2020-15999. Documentation for the Glitch fuzzer will be published on GitHub later. Fuzzing test method: # step0 - install the required modules: pip3 install pyp

Discover the best practices for building efficient and secure Docker images with this comprehensive guide.

Security Scanning. When you have built an image, it is good practice to scan it for security vulnerabilities using the docker scan command. Docker has partnered with Snyk to provide the vulnerability scanning service. For example, to scan the getting-started image you created earlier in the tutorial, you can just type docker scan getting-started

Recent Articles

Microsoft emits 112 security hole fixes – including the cure for a Google-disclosed kernel vuln exploited in the wild
The Register • Thomas Claburn in San Francisco • 11 Nov 2020

Android, Adobe, SAP, Red Hat join the bug-busting party
Rust in peace: Memory bugs in C and C++ code cause security issues so Microsoft is considering alternatives once again

Patch Tuesday Microsoft published fixes for 112 software vulnerabilities for its November Patch Tuesday, 17 of which have been rated critical. Of the remainder, 93 are rated important, and two are rated low severity. Fifteen Microsoft products are affected, including: Microsoft Windows, Office, Internet Explorer, Edge (EdgeHTML and Chromium), ChakraCore, Exchange Server, Dynamics, Windows Codecs Library, Azure Sphere, Windows Defender, Teams, Azure SDK, Azure DevOps, and Visual Studio. One of th...

Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers
The Register • Thomas Claburn in San Francisco • 30 Oct 2020

Chocolate Factory spills beans early on privilege-escalation flaw
First, Patch Tuesday. Now, Oh Hell, Monday: Microsoft emits bonus fixes for Visual Studio, Windows 10 security bugs

Google's Project Zero bug-hunting team has disclosed a Windows kernel flaw that's being actively exploited by miscreants to gain control of computers. The web giant's bug report was privately disclosed to Microsoft on October 22, and publicly revealed just seven days later, after it detected persons unknown exploiting the programming blunder. The privilege-escalation issue was identified by Mateusz Jurczyk and Sergei Glazunov of Google Project Zero. "The Windows Kernel Cryptography Driver (cng.s...

Top tip, everyone: Chinese hackers are hitting these 25 vulns, so make sure you patch them ASAP, says NSA
The Register • Iain Thomson in San Francisco • 20 Oct 2020

Plus this Chrome one being exploited in the wild, we note

The NSA has blown the lid off 25 computer security vulnerabilities Chinese government hackers are using to break into networks, steal data, and so on. The US super-spies said they went public with their list to help IT staff prioritize bug fixing. That is to say: if you're unsure of which patches to apply, do these first. The cynical among you may be thinking the NSA has found other bugs to exploit in the world's computer systems, so y'all might as well go ahead and patch the ones the Chinese ar...