← Back

CVE-2020-15999

nvd nist
Published: Nov 3, 2020Modified: Oct 24, 2025CISA KEV

JSON object

Loading...
9.6
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 6.0
Source: NVD

Description

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected (6)

Products: Google: Chrome · Freetype: Freetype · Debian: Debian Linux · +3 more
Show all products
Google: Chrome · Freetype: Freetype · Debian: Debian Linux · Fedoraproject: Fedora · Opensuse: Backports Sle · Netapp: Ontap Select Deploy Administration Utility
Google
1 product
Chrome
Freetype
1 product
Freetype
Debian
1 product
Debian Linux
Fedoraproject
1 product
Fedora
Opensuse
1 product
Backports Sle
Netapp
1 product
Ontap Select Deploy Administration Utility
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Chrome
Before 86.0.4240.111
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Freetype
From 2.6.0 to 2.10.4
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 10.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 31
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Backports Sle
Version 15.0 sp2
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Ontap Select Deploy Administration Utility
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (22)

Source: chrome-cve-admin@google.com
Broken LinkMailing ListThird Party Advisory
Source: chrome-cve-admin@google.com
Mailing ListNot ApplicableThird Party Advisory
Source: chrome-cve-admin@google.com
Third Party Advisory
Source: chrome-cve-admin@google.com
ExploitIssue TrackingThird Party Advisory
Source: chrome-cve-admin@google.com
ExploitThird Party Advisory
Source: chrome-cve-admin@google.com
Release Notes
Source: chrome-cve-admin@google.com
Third Party Advisory
Source: chrome-cve-admin@google.com
Third Party Advisory
Source: chrome-cve-admin@google.com
Third Party Advisory
Source: chrome-cve-admin@google.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListNot ApplicableThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.