CVE-2020-15999
Google Chrome FreeType Heap Buffer Overflow Vulnerability
CVSS
—
No CVSS
EPSS
50.6%
p99
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Google / Chrome FreeType
Vulnerability
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
Nov 17, 2021
Known ransomware use
No
Summary description
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-15999
No related CVEs by CWE or product.