Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2020-15999

Published: 20 October 2020

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Priority

High

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
focal Not vulnerable
(code not present)
groovy Not vulnerable
(code not present)
upstream
Released (86.0.4240.111)
trusty Does not exist

lunar Not vulnerable
(code not present)
bionic
Released (86.0.4240.198-0ubuntu0.18.04.1)
hirsute Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
xenial
Released (86.0.4240.198-0ubuntu0.16.04.1)
mantic Not vulnerable
(code not present)
godot
Launchpad, Ubuntu, Debian
hirsute Not vulnerable
(code not compiled)
bionic Does not exist

lunar Not vulnerable
(code not compiled)
focal Not vulnerable
(code not compiled)
groovy Not vulnerable
(code not compiled)
impish Not vulnerable
(code not compiled)
jammy Not vulnerable
(code not compiled)
kinetic Not vulnerable
(code not compiled)
trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Not vulnerable
(code not compiled)
graphicsmagick
Launchpad, Ubuntu, Debian
groovy Not vulnerable
(code not present)
lunar Not vulnerable
(code not present)
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
musescore
Launchpad, Ubuntu, Debian
groovy Not vulnerable
(code not present)
hirsute Does not exist

xenial Not vulnerable
(code not present)
lunar Does not exist

bionic Not vulnerable
(uses system freetype)
focal Not vulnerable
(code not present)
impish Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Needs triage

mantic Does not exist

openjdk-13
Launchpad, Ubuntu, Debian
focal Not vulnerable
(uses system freetype)
hirsute Does not exist

groovy Not vulnerable
(uses system freetype)
lunar Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Does not exist

texmaker
Launchpad, Ubuntu, Debian
groovy Not vulnerable
(code not compiled)
lunar Not vulnerable
(code not compiled)
bionic Not vulnerable
(code not compiled)
focal Not vulnerable
(code not compiled)
hirsute Not vulnerable
(code not compiled)
impish Not vulnerable
(code not compiled)
jammy Not vulnerable
(code not compiled)
kinetic Not vulnerable
(code not compiled)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not present)
mantic Not vulnerable
(code not compiled)
android
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage

lunar Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

mantic Does not exist

firefox
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system freetype)
focal Not vulnerable
(uses system freetype)
groovy Not vulnerable
(uses system freetype)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(uses system freetype)
lunar Not vulnerable
(uses system freetype)
hirsute Not vulnerable
(uses system freetype)
impish Not vulnerable
(uses system freetype)
jammy Not vulnerable
(uses system freetype)
kinetic Not vulnerable
(uses system freetype)
mantic Not vulnerable
(uses system freetype)
freetype
Launchpad, Ubuntu, Debian
bionic
Released (2.8.1-2ubuntu2.1)
focal
Released (2.10.1-2ubuntu0.1)
lunar
Released (2.10.2+dfsg-3ubuntu1)
groovy
Released (2.10.2+dfsg-3ubuntu1)
hirsute
Released (2.10.2+dfsg-3ubuntu1)
impish
Released (2.10.2+dfsg-3ubuntu1)
jammy
Released (2.10.2+dfsg-3ubuntu1)
kinetic
Released (2.10.2+dfsg-3ubuntu1)
trusty
Released (2.5.2-1ubuntu2.8+esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream
Released (2.10.4)
xenial
Released (2.6.1-0.1ubuntu2.5)
mantic
Released (2.10.2+dfsg-3ubuntu1)
Patches:
upstream: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
openjdk-lts
Launchpad, Ubuntu, Debian
focal Not vulnerable
(uses system freetype)
bionic Not vulnerable
(uses system freetype)
groovy Not vulnerable
(uses system freetype)
trusty Does not exist

upstream Needs triage

xenial Does not exist

lunar Not vulnerable
(uses system freetype)
hirsute Not vulnerable
(uses system freetype)
impish Not vulnerable
(uses system freetype)
jammy Not vulnerable
(uses system freetype)
kinetic Not vulnerable
(uses system freetype)
mantic Not vulnerable
(uses system freetype)
openjdk-15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

lunar Does not exist

groovy Not vulnerable
(uses system freetype)
hirsute Not vulnerable
(uses system freetype)
impish Does not exist

jammy Does not exist

kinetic Does not exist

mantic Does not exist

oxide-qt
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(uses system freetype)
lunar Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

mantic Does not exist

paraview
Launchpad, Ubuntu, Debian
trusty Does not exist

upstream Needs triage

lunar Not vulnerable
(uses system freetype)
bionic Not vulnerable
(code not present)
focal Not vulnerable
(uses system freetype)
groovy Not vulnerable
(uses system freetype)
hirsute Not vulnerable
(uses system freetype)
impish Not vulnerable
(uses system freetype)
jammy Not vulnerable
(uses system freetype)
kinetic Not vulnerable
(uses system freetype)
xenial Not vulnerable
(code not present)
mantic Not vulnerable
(uses system freetype)
qtbase-opensource-src
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system freetype)
focal Not vulnerable
(uses system freetype)
lunar Not vulnerable
(uses system freetype)
groovy Not vulnerable
(uses system freetype)
hirsute Not vulnerable
(uses system freetype)
impish Not vulnerable
(uses system freetype)
jammy Not vulnerable
(uses system freetype)
kinetic Not vulnerable
(uses system freetype)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(uses system freetype)
mantic Not vulnerable
(uses system freetype)
thunderbird
Launchpad, Ubuntu, Debian
upstream
Released (78.5)
lunar Not vulnerable
(uses system freetype)
bionic Not vulnerable
(uses system freetype)
focal Not vulnerable
(uses system freetype)
groovy Not vulnerable
(uses system freetype)
hirsute Not vulnerable
(uses system freetype)
impish Not vulnerable
(uses system freetype)
jammy Not vulnerable
(uses system freetype)
kinetic Not vulnerable
(uses system freetype)
trusty Does not exist

xenial Not vulnerable
(uses system freetype)
mantic Not vulnerable
(uses system freetype)
openjdk-12
Launchpad, Ubuntu, Debian
lunar Does not exist

bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Does not exist

qtbase-opensource-src-gles
Launchpad, Ubuntu, Debian
lunar Not vulnerable
(uses system freetype)
bionic Does not exist

focal Not vulnerable
(uses system freetype)
groovy Not vulnerable
(uses system freetype)
hirsute Not vulnerable
(uses system freetype)
impish Not vulnerable
(uses system freetype)
jammy Not vulnerable
(uses system freetype)
kinetic Not vulnerable
(uses system freetype)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(uses system freetype)
mantic Not vulnerable
(uses system freetype)
texlive-bin
Launchpad, Ubuntu, Debian
lunar Not vulnerable
(uses system freetype)
bionic Not vulnerable
(uses system freetype)
focal Not vulnerable
(uses system freetype)
groovy Not vulnerable
(uses system freetype)
hirsute Not vulnerable
(uses system freetype)
impish Not vulnerable
(uses system freetype)
jammy Not vulnerable
(uses system freetype)
kinetic Not vulnerable
(uses system freetype)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(uses system freetype)
mantic Not vulnerable
(uses system freetype)

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H