CVE-2020-15999 - Google Chrome FreeType Heap Buffer Overflow Vulnerability
Project: Google
Product: Chrome FreeType
Date Added: 2021-11-03
Due Date: 2021-11-17
Vulnerability Name
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Description
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-15999