{"id":"ASB-A-171232105","details":"In Load_SBit_Png of pngshim.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-171232105","CVE-2020-15999","GHSA-pv36-h7jh-qm62"],"modified":"2026-03-11T05:59:42.926859Z","published":"2021-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004"}],"affected":[{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2021-01-01"}]}],"versions":["8.0"],"ecosystem_specific":{"types":["RCE"],"spl":"2021-01-01","fixes":["https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004"],"severity":"Moderate","vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004","signature_type":"Function","target":{"function":"Load_SBit_Png","file":"src/sfnt/pngshim.c"},"signature_version":"v1","id":"ASB-A-171232105-77115d1a","digest":{"function_hash":"194011261781284787445973321418735434814","length":3189},"deprecated":false},{"source":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004","signature_type":"Line","target":{"file":"src/sfnt/pngshim.c"},"signature_version":"v1","id":"ASB-A-171232105-8aae99a6","digest":{"threshold":0.9,"line_hashes":["208860372010935151343063066297222324914","233030270906213514960881824988592192726","215268173661816570473557084426646208708","134347666717980172232860258622704214640","149472428944486004085391017137533156713","303862154618928232714109744889947985112","339779475924866474542854574324866011491","6017163583475985116083763327437696333","176004433254996303573680865909396220616","322771888159213265172234683524941889829","309209274501869294504350979542704920374","152300273129484813905548252616649177409"]},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-171232105.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-01-01"}]}],"versions":["8.1"],"ecosystem_specific":{"types":["RCE"],"spl":"2021-01-01","fixes":["https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004"],"severity":"Moderate","vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004","signature_type":"Function","target":{"function":"Load_SBit_Png","file":"src/sfnt/pngshim.c"},"signature_version":"v1","id":"ASB-A-171232105-97259488","digest":{"function_hash":"194011261781284787445973321418735434814","length":3189},"deprecated":false},{"source":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004","signature_type":"Line","target":{"file":"src/sfnt/pngshim.c"},"signature_version":"v1","id":"ASB-A-171232105-af23209d","digest":{"threshold":0.9,"line_hashes":["208860372010935151343063066297222324914","233030270906213514960881824988592192726","215268173661816570473557084426646208708","134347666717980172232860258622704214640","149472428944486004085391017137533156713","303862154618928232714109744889947985112","339779475924866474542854574324866011491","6017163583475985116083763327437696333","176004433254996303573680865909396220616","322771888159213265172234683524941889829","309209274501869294504350979542704920374","152300273129484813905548252616649177409"]},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-171232105.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-01-01"}]}],"versions":["9"],"ecosystem_specific":{"types":["RCE"],"spl":"2021-01-01","fixes":["https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004"],"severity":"Moderate","vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004","signature_type":"Function","target":{"function":"Load_SBit_Png","file":"src/sfnt/pngshim.c"},"signature_version":"v1","id":"ASB-A-171232105-369de529","digest":{"function_hash":"194011261781284787445973321418735434814","length":3189},"deprecated":false},{"source":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004","signature_type":"Line","target":{"file":"src/sfnt/pngshim.c"},"signature_version":"v1","id":"ASB-A-171232105-c2d61352","digest":{"threshold":0.9,"line_hashes":["208860372010935151343063066297222324914","233030270906213514960881824988592192726","215268173661816570473557084426646208708","134347666717980172232860258622704214640","149472428944486004085391017137533156713","303862154618928232714109744889947985112","339779475924866474542854574324866011491","6017163583475985116083763327437696333","176004433254996303573680865909396220616","322771888159213265172234683524941889829","309209274501869294504350979542704920374","152300273129484813905548252616649177409"]},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-171232105.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-01-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["RCE"],"spl":"2021-01-01","fixes":["https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004"],"severity":"Moderate","vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004","signature_type":"Function","target":{"function":"Load_SBit_Png","file":"src/sfnt/pngshim.c"},"signature_version":"v1","id":"ASB-A-171232105-b258d5f8","digest":{"function_hash":"194011261781284787445973321418735434814","length":3189},"deprecated":false},{"source":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004","signature_type":"Line","target":{"file":"src/sfnt/pngshim.c"},"signature_version":"v1","id":"ASB-A-171232105-be87eb65","digest":{"threshold":0.9,"line_hashes":["208860372010935151343063066297222324914","233030270906213514960881824988592192726","215268173661816570473557084426646208708","134347666717980172232860258622704214640","149472428944486004085391017137533156713","303862154618928232714109744889947985112","339779475924866474542854574324866011491","6017163583475985116083763327437696333","176004433254996303573680865909396220616","322771888159213265172234683524941889829","309209274501869294504350979542704920374","152300273129484813905548252616649177409"]},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-171232105.json"}},{"package":{"name":"platform/external/freetype","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-01-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["RCE"],"spl":"2021-01-01","fixes":["https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004"],"severity":"Moderate","vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004","signature_type":"Function","target":{"function":"Load_SBit_Png","file":"src/sfnt/pngshim.c"},"signature_version":"v1","id":"ASB-A-171232105-633e02ed","digest":{"function_hash":"194011261781284787445973321418735434814","length":3189},"deprecated":false},{"source":"https://android.googlesource.com/platform/external/freetype/+/358c238408a1fdc357d9afef6811369a7701e004","signature_type":"Line","target":{"file":"src/sfnt/pngshim.c"},"signature_version":"v1","id":"ASB-A-171232105-acff3cac","digest":{"threshold":0.9,"line_hashes":["208860372010935151343063066297222324914","233030270906213514960881824988592192726","215268173661816570473557084426646208708","134347666717980172232860258622704214640","149472428944486004085391017137533156713","303862154618928232714109744889947985112","339779475924866474542854574324866011491","6017163583475985116083763327437696333","176004433254996303573680865909396220616","322771888159213265172234683524941889829","309209274501869294504350979542704920374","152300273129484813905548252616649177409"]},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-171232105.json"}}],"schema_version":"1.7.5"}