CVE-2020-15999
Published: March 11, 2020
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CRITICAL
CVSS v3: 9.6
CVSS v3: 9.6
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 25.1 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 24.4 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 24.4 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 24.4.0 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 24.4.0 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 24.3 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 24.3 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 24.2.1 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 24.2.1 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 24.2 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 24.2 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 24.1 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 24.1 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 23.3 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 23.3 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 23.2.1 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 23.2.1 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 23.2 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 23.2 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 23.1 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 23.1 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 22.4 | freetype (2.6.5) | Not Affected | Protected At Runtime | unaffected, png compressed glyph support is not enabled |
| 22.4 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 22.3 | freetype (2.6.5) | Not Affected | unaffected, png compressed glyph support is not enabled | |
| 22.3 | chrome (103.0.5060.123) | Not Affected | Protected At Runtime | CVE does not included required value ‘pdfium’ |
| 22.2 | freetype (2.6.5) | Not Affected | unaffected, png compressed glyph support is not enabled | |
| 22.1 | freetype (2.6.5) | Not Affected | unaffected, png compressed glyph support is not enabled | |
| 21.11.1 | freetype (2.6.5) | Not Affected | unaffected, png compressed glyph support is not enabled | |
| 21.11 | freetype (2.6.5) | Not Affected | unaffected, png compressed glyph support is not enabled | |
| 21.8.1 | freetype (2.6.5) | Not Affected | unaffected, png compressed glyph support is not enabled | |
| 21.8 | freetype (2.6.5) | Not Affected | unaffected, png compressed glyph support is not enabled |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
9.6
Base Severity
CRITICAL
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Privileges Required
NONE
Scope
CHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Version
3.1