CVE-2020-15999
high
KEV
CVSS v3: —
CVSS v2: —
VIR risk: 9.5
Description
Important: freetype security update
CISA KEV
- Vendor
- Product: Chrome FreeType
- Due date: 2021-11-17
Predictions
Exploit likelihood: 99%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2020-4952.html
Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2020-15999
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2020:4952
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-15999
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2020-15999.html
Vendor advisory: arch — https://security.archlinux.org/ASA-202010-10
Vendor advisory: arch — https://security.archlinux.org/ASA-202010-11
Vendor advisory: arch — https://security.archlinux.org/ASA-202011-12
Exploits
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | | fixed | 83.0-1 |
| sles | | affected | |
| debian | bookworm | fixed | 2.10.2+dfsg-4 |
| debian | bullseye | fixed | 2.10.2+dfsg-4 |
| debian | forky | fixed | 2.10.2+dfsg-4 |
| debian | sid | fixed | 2.10.2+dfsg-4 |
| debian | trixie | fixed | 2.10.2+dfsg-4 |
| rocky | 8 | fixed | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| NuGet | CefSharp.Common | <85.3.130 | 85.3.130 |
| NuGet | CefSharp.Wpf | <85.3.130 | 85.3.130 |
| NuGet | CefSharp.WinForms | <85.3.130 | 85.3.130 |
| NuGet | CefSharp.Wpf.HwndHost | <85.3.130 | 85.3.130 |
References
- https://security.archlinux.org/ASA-202011-12
- https://security.archlinux.org/ASA-202010-11
- https://security.archlinux.org/ASA-202010-10
- https://www.suse.com/security/cve/CVE-2020-15999.html
- https://security-tracker.debian.org/tracker/CVE-2020-15999
- https://errata.rockylinux.org/RLSA-2020:4952
- https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62
- https://nvd.nist.gov/vuln/detail/CVE-2020-15999
- https://www.nuget.org/packages/CefSharp.Wpf.HwndHost
- https://www.nuget.org/packages/CefSharp.Wpf
- https://www.nuget.org/packages/CefSharp.WinForms
- https://www.nuget.org/packages/CefSharp.Common
- https://www.debian.org/security/2021/dsa-4824
- https://security.netapp.com/advisory/ntap-20240812-0001
- https://security.gentoo.org/glsa/202401-19
- https://security.gentoo.org/glsa/202012-04
- https://security.gentoo.org/glsa/202011-12
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
- https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
- https://github.com/cefsharp/CefSharp
- https://crbug.com/1139963
- https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
- http://seclists.org/fulldisclosure/2020/Nov/33