VulnerableCode Package Details - pkg:rpm/redhat/freetype@2.9.1-4.el8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/freetype@2.9.1-4.el8_2?arch=1

purl	pkg:rpm/redhat/freetype@2.9.1-4.el8_2?arch=1

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-nx21-ks3v-53e4 Aliases: CVE-2020-15999 GHSA-pv36-h7jh-qm62	Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:04:13.503864+00:00	RedHat Importer	Affected by	VCID-nx21-ks3v-53e4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json	38.0.0