CVE-2020-15999
Aliases:GHSA-pv36-h7jh-qm62A-171232105ASB-A-171232105
Advisory lineage Upstream: 0 Downstream: 43
Analyzed
Published: 03 Nov 2020, 00:00
Last modified:21 Oct 2025, 23:35
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.6 CRITICAL
v3.1 (cve.org)
EPSS Score
93.03% CRITICAL
93% probability +0.13%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected
Timeline
03 Nov 2020, 00:00
Published
Vulnerability first disclosed
03 Nov 2021, 00:00
Added to CISA KEV
Google Chrome FreeType Heap Buffer Overflow Vulnerability
17 Nov 2021, 00:00
CISA Remediation Due
Apply updates per vendor instructions.
21 Oct 2025, 23:35
Last Modified
Vulnerability information updated
Description
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 93.03%• Percentile: 100%
Techniques & Countermeasures
- CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
- CWE-120•Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Affected Systems
- debian•debian_linux
10.0
- fedoraproject•fedora
31
- Unknown•FreeType
≥ 2.6.0, < 2.10.4
- google•chrome
< 86.0.4240.111 | ≥ unspecified, < 86.0.4240.111
- netapp•ontap_select_deploy_administration_utility
na
- NuGet•CefSharp.Common
< 85.3.130
- NuGet•CefSharp.WinForms
< 85.3.130
- NuGet•CefSharp.Wpf
< 85.3.130
- NuGet•CefSharp.Wpf.HwndHost
< 85.3.130
- opensuse•backports_sle
15.0:sp2
References (22)
- https://crbug.com/1139963
- https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/
- https://security.gentoo.org/glsa/202011-12
- http://seclists.org/fulldisclosure/2020/Nov/33
- https://security.gentoo.org/glsa/202012-04
- https://www.debian.org/security/2021/dsa-4824
- https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
- https://security.gentoo.org/glsa/202401-19
- https://security.netapp.com/advisory/ntap-20240812-0001/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-15999
- https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62
- https://nvd.nist.gov/vuln/detail/CVE-2020-15999
- https://www.nuget.org/packages/CefSharp.Wpf.HwndHost
- https://www.nuget.org/packages/CefSharp.Wpf
- https://www.nuget.org/packages/CefSharp.WinForms
- https://www.nuget.org/packages/CefSharp.Common
- https://security.netapp.com/advisory/ntap-20240812-0001
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
- https://github.com/cefsharp/CefSharp