VulnerableCode Package Details - pkg:deb/debian/freetype@2.10.2%2Bdfsg-4?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-nx21-ks3v-53e4	Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d	CVE-2020-15999 GHSA-pv36-h7jh-qm62

Vulnerability

Summary

Aliases

VCID-nx21-ks3v-53e4

Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d

CVE-2020-15999
GHSA-pv36-h7jh-qm62

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T08:37:28.208192+00:00	Debian Importer	Fixing	VCID-nx21-ks3v-53e4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T17:48:02.982953+00:00	Debian Importer	Fixing	VCID-nx21-ks3v-53e4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:24:17.477965+00:00	Debian Importer	Fixing	VCID-nx21-ks3v-53e4	https://security-tracker.debian.org/tracker/data/json	38.1.0