CVE-2020-15999 Report - Details, Severity, & Advisories

Twingate Team

May 31, 2024

What is CVE-2020-15999?

CVE-2020-15999 is a medium-severity vulnerability that affects systems running Google Chrome versions up to 86.0.4240.111 and FreeType versions from 2.6.0 to 2.10.4. It is caused by a heap buffer overflow in FreeType and can impact various systems, including Windows, Mac, Linux, and openSUSE Backports SLE-15-SP2.

Who is impacted by CVE-2020-15999?

Those impacted include users of openSUSE Backports SLE-15-SP2 running Chromium version 86.0.4240.111, as well as users of Chrome version 86.0.4240.111 for Windows, Mac, and Linux.

What should I do if I’m affected?

If you're affected by the CVE-2020-15999 vulnerability, it's crucial to update your software to protect against potential exploits. Follow these simple steps:

  1. Update Google Chrome to version 86.0.4240.111 or later

  2. Update FreeType to version 2.10.4 or later

  3. For openSUSE Backports SLE-15-SP2 users, update Chromium to version 86.0.4240.111 or later

By keeping your software up-to-date, you can minimize the risk of being affected by this vulnerability.
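
A version check for the three steps above, as an added example (not code from Twingate, Google or the FreeType project): it compares installed version strings numerically against the fixed versions listed on this page, because a plain string comparison ranks 2.9.1 above 2.10.4 and 86.0.4240.99 above 86.0.4240.111. The host names and inventory rows are constructed sample data.

```python
import re

# Fixed versions taken from the remediation steps on this page.
FIXED = {
    "chrome": "86.0.4240.111",
    "chromium": "86.0.4240.111",
    "freetype": "2.10.4",
}

def parse_version(text):
    """Extract the first dotted version in text as a tuple of ints."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if match is None:
        raise ValueError(f"no dotted version in {text!r}")
    return tuple(int(part) for part in match.group().split("."))

def needs_update(product, installed):
    """True when installed is older than the fixed version for product."""
    fixed = parse_version(FIXED[product.lower()])
    have = parse_version(installed)
    # Pad with zeros so that "2.11" is compared as 2.11.0.
    width = max(len(fixed), len(have))
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return have < fixed

def audit(inventory):
    """Return the (host, product, version) rows that still need patching."""
    return [row for row in inventory if needs_update(row[1], row[2])]

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "Google Chrome 86.0.4240.99"),
    ("ws-02", "chrome", "Google Chrome 86.0.4240.111"),
    ("build-01", "freetype", "2.9.1"),
    ("build-02", "freetype", "2.10.4"),
    ("suse-01", "chromium", "Chromium 85.0.4183.121"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version!r} is below {FIXED[product]}")
```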

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, the CVE-2020-15999 vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability is named Google Chrome FreeType Heap Buffer Overflow Vulnerability and was added to the catalog on November 3, 2021. The due date for required action is November 17, 2021.

Weakness Enumeration

This vulnerability is categorized as CWE-787, an out-of-bounds write issue in FreeType affecting Google Chrome and other systems.

Learn More

For more information about the CVE-2020-15999 vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
