CVE-2020-15999 - log back

CVE-2020-15999 edited at 12 Feb 2021 10:20:09
References
http://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
https://savannah.nongnu.org/bugs/?59308
https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
+ https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
CVE-2020-15999 edited at 05 Feb 2021 04:28:54
References
http://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
https://savannah.nongnu.org/bugs/?59308
+ https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
CVE-2020-15999 edited at 20 Oct 2020 10:51:57
Description
- A head buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyps can cause a heap buffer overflow in Load_SBit_Png as libpng uses the original 32-bit values, which are saved in png_struct. If the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the bitmap.
+ A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png as libpng uses the original 32-bit values, which are saved in png_struct. If the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the bitmap.
CVE-2020-15999 edited at 20 Oct 2020 10:28:53
Description
- A head buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyps can cause a heap buffer overflow in Load_SBit_Png. libpng uses the original 32-bit values, which are saved in png_struct. If the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the bitmap.
+ A head buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyps can cause a heap buffer overflow in Load_SBit_Png as libpng uses the original 32-bit values, which are saved in png_struct. If the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the bitmap.
CVE-2020-15999 edited at 20 Oct 2020 10:28:42
Description
- A head buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyps can cause a heap buffer overflow in Load_SBit_Png.
+ A head buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyps can cause a heap buffer overflow in Load_SBit_Png. libpng uses the original 32-bit values, which are saved in png_struct. If the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the bitmap.
CVE-2020-15999 edited at 20 Oct 2020 10:20:11
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A head buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyps can cause a heap buffer overflow in Load_SBit_Png.
References
+ http://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
+ https://savannah.nongnu.org/bugs/?59308
Notes
CVE-2020-15999 created at 20 Oct 2020 10:16:04