QID 982958: Dotnet (nuget) Security Update for CefSharp.Wpf.HwndHost (GHSA-pv36-h7jh-qm62)
A security update has been released for CefSharp.WinForms, CefSharp.Wpf.HwndHost, CefSharp.Wpf and CefSharp.Common to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
A memory corruption bug (heap overflow) in the FreeType font rendering library.
> This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images.
As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/
Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild.
Solution
Upgrade to 85.3.130 or higher
Vendor References
- GHSA-pv36-h7jh-qm62 - github.com/advisories/GHSA-pv36-h7jh-qm62
CVEs related to QID 982958
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-pv36-h7jh-qm62 | CefSharp.Common | | |
| GHSA-pv36-h7jh-qm62 | CefSharp.WinForms | | |
| GHSA-pv36-h7jh-qm62 | CefSharp.Wpf | | |
| GHSA-pv36-h7jh-qm62 | CefSharp.Wpf.HwndHost | | |