GHSA-PV36-H7JH-QM62

Vulnerability from github – Published: 2020-10-27 19:47 – Updated: 2025-02-03 15:31
Summary
Heap buffer overflow in CefSharp
Details

Impact

A memory corruption bug (heap overflow) in the FreeType font rendering library.

This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images.

As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/

Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild.

Patches

Upgrade to 85.3.130 or higher

References

  • https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/
  • https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
  • https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942

To review the CEF/Chromium patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d


{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "CefSharp.Common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "85.3.130"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "CefSharp.Wpf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "85.3.130"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "CefSharp.WinForms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "85.3.130"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "CefSharp.Wpf.HwndHost"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "85.3.130"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15999"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-787"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-10-27T19:47:22Z",
    "nvd_published_at": "2020-11-03T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA memory corruption bug(Heap overflow) in the FreeType font rendering library.\n\n\u003e This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images .\n\nAs per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ \n\nGoogle is aware of reports that an exploit for CVE-2020-15999 exists in the wild.\n\n### Patches\nUpgrade to 85.3.130 or higher\n\n### References\n- https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/\n- https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/\n- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999\n- https://magpcss.org/ceforum/viewtopic.php?f=10\u0026t=17942\n\nTo review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d",
  "id": "GHSA-pv36-h7jh-qm62",
  "modified": "2025-02-03T15:31:58Z",
  "published": "2020-10-27T19:47:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15999"
    },
    {
      "type": "WEB",
      "url": "https://www.nuget.org/packages/CefSharp.Wpf.HwndHost"
    },
    {
      "type": "WEB",
      "url": "https://www.nuget.org/packages/CefSharp.Wpf"
    },
    {
      "type": "WEB",
      "url": "https://www.nuget.org/packages/CefSharp.WinForms"
    },
    {
      "type": "WEB",
      "url": "https://www.nuget.org/packages/CefSharp.Common"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4824"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240812-0001"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-19"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202012-04"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202011-12"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7"
    },
    {
      "type": "WEB",
      "url": "https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cefsharp/CefSharp"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1139963"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Nov/33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Heap buffer overflow in CefSharp"
}

