CVE-2020-15999

CRITICAL KEV

Google Chrome < 86.0.4240.111 - Remote Code Execution via Freetype Heap Buffer Overflow

Title source: llm

Exploitation Summary

CVE-2020-15999 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 3 public exploits from researchers including Marmeus, oxfemale, and maarlo.

AI-analyzed exploit summary: This repository contains a working PoC for CVE-2020-15999, a heap-buffer-overflow vulnerability in FreeType and Google Chrome. The exploit demonstrates the vulnerability by triggering a crash in both `ftview` (FreeType) and Google Chrome via a maliciously crafted TTF font file.

Description

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (3)

nomisec WORKING POC 2 stars
by Marmeus · client-side
https://github.com/Marmeus/CVE-2020-15999

This repository contains a working PoC for CVE-2020-15999, a heap-buffer-overflow vulnerability in FreeType and Google Chrome. The exploit demonstrates the vulnerability by triggering a crash in both `ftview` (FreeType) and Google Chrome via a maliciously crafted TTF font file.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: FreeType (libpng-1.6.37, freetype2-VER-2-10-3), Google Chrome (< 86.0.4240.111)
No auth needed
Prerequisites: Vulnerable version of FreeType or Google Chrome · Ability to execute scripts and install dependencies
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by oxfemale · poc
https://github.com/oxfemale/CVE-2020-15999

This repository contains a proof-of-concept exploit for CVE-2020-15999, a heap-buffer-overflow vulnerability in FreeType's handling of SBIX tables in fonts. The exploit demonstrates crashes in both ftview and Chrome, with detailed debugging steps and updates on triggering the vulnerability via JavaScript font loading.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: FreeType (via Chrome/Chromium)
No auth needed
Prerequisites: A maliciously crafted font file with an SBIX table · A target application that uses FreeType to render fonts (e.g., Chrome)
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by maarlo · poc
https://github.com/maarlo/CVE-2020-15999

This repository contains a script to exploit CVE-2020-15999, a vulnerability in FreeType. The script sets up the environment, compiles vulnerable versions of libpng and FreeType, and triggers the vulnerability using ftview.

Classification: Working PoC 80%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: FreeType 2.10.3
No auth needed
Prerequisites: Linux environment with sudo access · Internet connection to download dependencies
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Broken Link, Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202011-12
Mailing List, Not Applicable, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2020/Nov/33
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202012-04
Mailing List, Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-4824
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202401-19
Exploit, Issue Tracking, Third Party Advisory
https://crbug.com/1139963

Scores

CVSS v3 9.6
EPSS 0.9303
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2021-11-03
VulnCheck KEV 2020-10-19
InTheWild.io 2020-10-19
ENISA EUVD EUVD-2020-1435
CWE CWE-120, CWE-787
Status published
Products (10)
debian/debian_linux 10.0
fedoraproject/fedora 31
freetype/freetype 2.6.0 - 2.10.4
google/chrome < 86.0.4240.111
netapp/ontap_select_deploy_administration_utility
nuget/CefSharp.Common 0 - 85.3.130 (NuGet)
nuget/CefSharp.WinForms 0 - 85.3.130 (NuGet)
nuget/CefSharp.Wpf 0 - 85.3.130 (NuGet)
nuget/CefSharp.Wpf.HwndHost 0 - 85.3.130 (NuGet)
opensuse/backports_sle 15.0 sp2
Published Nov 03, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026