CVE-2020-15999

Severity: High
Remote: Yes
Type: Arbitrary code execution
Description
A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png as libpng uses the original 32-bit values, which are saved in png_struct. If the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the bitmap.
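The size mismatch described above, as an added C sketch that is not FreeType or libpng source: it reads the 32-bit dimensions from a PNG IHDR chunk, shows the buffer size that results when they are kept in 16-bit fields, and applies a range check before allocation. The sbit_metrics struct, the function names, the 4 bytes per pixel and the sample header are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not FreeType source: glyph metrics keep 16-bit dimensions. */
typedef struct { uint16_t width, height; } sbit_metrics;
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Read the 32-bit width/height from a PNG IHDR chunk; 0 on success, -1 if malformed. */
int png_ihdr_dims(const uint8_t *buf, size_t len, uint32_t *w, uint32_t *h) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    if (len < 24 || memcmp(buf, sig, 8) != 0) return -1;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return -1;
    *w = be32(buf + 16); *h = be32(buf + 20);
    return 0;
}

/* Bytes allocated when sized from 16-bit metrics (4 bytes/pixel assumed in this model). */
size_t alloc_from_metrics(uint32_t w, uint32_t h) {
    sbit_metrics m = { (uint16_t)w, (uint16_t)h };  /* values above 65535 wrap */
    return (size_t)m.width * m.height * 4;
}

/* Check to run before allocating: 0 if both header values fit in 16 bits, else -1. */
int dims_safe(uint32_t w, uint32_t h) {
    return (w == 0 || h == 0 || w > UINT16_MAX || h > UINT16_MAX) ? -1 : 0;
}

/* Constructed sample input: PNG signature plus the start of an IHDR chunk. */
void make_png_prefix(uint8_t out[24], uint32_t w, uint32_t h) {
    memcpy(out, "\x89PNG\r\n\x1a\n", 8);
    put_be32(out + 8, 13); memcpy(out + 12, "IHDR", 4);
    put_be32(out + 16, w); put_be32(out + 20, h);
}

int main(void) {
    uint8_t png[24]; uint32_t w, h;
    make_png_prefix(png, 65540, 10);
    if (png_ihdr_dims(png, sizeof png, &w, &h) != 0) return 1;
    printf("header %ux%u, buffer %zu bytes, check: %s\n", (unsigned)w, (unsigned)h,
           alloc_from_metrics(w, h), dims_safe(w, h) == 0 ? "ok" : "reject");
    return 0;
}
```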
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1279 | firefox | 82.0.3-1 | 83.0-1 | Critical | Fixed | |
| AVG-1255 | lib32-freetype2 | 2.10.3-1 | 2.10.4-1 | High | Fixed | |
| AVG-1254 | freetype2 | 2.10.3-1 | 2.10.4-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 17 Nov 2020 | ASA-202011-12 | AVG-1279 | firefox | Critical | multiple issues |
| 20 Oct 2020 | ASA-202010-11 | AVG-1255 | lib32-freetype2 | High | arbitrary code execution |
| 20 Oct 2020 | ASA-202010-10 | AVG-1254 | freetype2 | High | arbitrary code execution |

References
http://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
https://savannah.nongnu.org/bugs/?59308
https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html