All vulnerabilities
CVE-2020-15999
Heap buffer overflow in CefSharp
Description
Impact
A memory corruption bug(Heap overflow) in the FreeType font rendering library.
This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images .
As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/
Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild.
Patches
Upgrade to 85.3.130 or higher
References
- https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/
- https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
- https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942
To review the CEF/Chromium patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
6.5
Severity
Medium
Ecosystem
APK
Publish Date
October 27, 2020
Modified Date
February 3, 2025
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Versions
