VulnerableCode Package Details - pkg:alpm/archlinux/lib32-freetype2@2.10.3-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/lib32-freetype2@2.10.3-1

Essentials
History (1)

purl	pkg:alpm/archlinux/lib32-freetype2@2.10.3-1

Next non-vulnerable version	2.10.4-1
Latest non-vulnerable version	2.10.4-1
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-nx21-ks3v-53e4 Aliases: CVE-2020-15999 GHSA-pv36-h7jh-qm62	Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d	2.10.4-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:25:46.713772+00:00	Arch Linux Importer	Affected by	VCID-nx21-ks3v-53e4	https://security.archlinux.org/AVG-1255	38.0.0