Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (1)
| Vulnerability |
Summary |
Aliases |
|
VCID-nx21-ks3v-53e4
|
Heap buffer overflow in CefSharp
### Impact
A memory corruption bug(Heap overflow) in the FreeType font rendering library.
> This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images .
As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/
Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild.
### Patches
Upgrade to 85.3.130 or higher
### References
- https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/
- https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
- https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942
To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d
|
CVE-2020-15999
GHSA-pv36-h7jh-qm62
|