CVE-2020-15999

Severity: High
Remote: Yes
Type: Arbitrary code execution
A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png as libpng uses the original 32-bit values, which are saved in png_struct. If the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the bitmap.
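
The size mismatch described above, as an added C example that is not FreeType or libpng code: the struct, the function names, the 4-bytes-per-pixel figure and the header values are assumptions made for illustration. It shows how a 32-bit width above 65535 shrinks when stored in a 16-bit field, and a check that rejects the image when the stored dimensions no longer equal the header values.

```c
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL 4u  /* assumption: 32-bit pixels in the output bitmap */

/* Hypothetical glyph record: dimensions are stored in 16 bits. */
struct glyph_bitmap {
    uint16_t width;
    uint16_t rows;
};

/* Unsafe pattern: 32-bit header values are silently truncated to 16 bits. */
void store_truncated(struct glyph_bitmap *bm, uint32_t png_w, uint32_t png_h)
{
    bm->width = (uint16_t)png_w;
    bm->rows  = (uint16_t)png_h;
}

/* Buffer size derived from the 16-bit record. */
uint64_t allocated_bytes(const struct glyph_bitmap *bm)
{
    return (uint64_t)bm->width * bm->rows * BYTES_PER_PIXEL;
}

/* Bytes one decoded row occupies when the decoder keeps the 32-bit width. */
uint64_t decoded_row_bytes(uint32_t png_w)
{
    return (uint64_t)png_w * BYTES_PER_PIXEL;
}

/* Check: accept only if the 16-bit record still equals the header values. */
int dimensions_match(const struct glyph_bitmap *bm, uint32_t png_w, uint32_t png_h)
{
    return (uint32_t)bm->width == png_w && (uint32_t)bm->rows == png_h;
}

int main(void)
{
    struct glyph_bitmap bm;
    uint32_t w = 65546, h = 20;   /* constructed header values, width > 65535 */
    store_truncated(&bm, w, h);
    printf("allocated=%llu bytes, one decoded row=%llu bytes, accept=%d\n",
           (unsigned long long)allocated_bytes(&bm),
           (unsigned long long)decoded_row_bytes(w),
           dimensions_match(&bm, w, h));
    return 0;
}
```
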

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1279 | firefox | 82.0.3-1 | 83.0-1 | Critical | Fixed | |
| AVG-1255 | lib32-freetype2 | 2.10.3-1 | 2.10.4-1 | High | Fixed | |
| AVG-1254 | freetype2 | 2.10.3-1 | 2.10.4-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 17 Nov 2020 | ASA-202011-12 | AVG-1279 | firefox | Critical | multiple issues |
| 20 Oct 2020 | ASA-202010-11 | AVG-1255 | lib32-freetype2 | High | arbitrary code execution |
| 20 Oct 2020 | ASA-202010-10 | AVG-1254 | freetype2 | High | arbitrary code execution |