What is the severity of CVE-2020-15964?

CVE-2020-15964 is classified as a high-severity vulnerability due to its potential to allow remote attackers to exploit heap corruption.

How do I fix CVE-2020-15964?

To fix CVE-2020-15964, update Google Chrome or Chromium to version 85.0.4183.121 or later.

What software is affected by CVE-2020-15964?

CVE-2020-15964 affects Google Chrome versions prior to 85.0.4183.121 and various versions of Chromium on Debian and openSUSE.

Can CVE-2020-15964 be exploited remotely?

Yes, CVE-2020-15964 allows remote attackers to exploit the vulnerability via a crafted HTML page.

What kind of attack does CVE-2020-15964 facilitate?

CVE-2020-15964 facilitates heap corruption attacks that can potentially lead to arbitrary code execution.

Vulnerability/
CVE-2020-15964

high

8.8

CWE

20 476 787

25/8/2020

21/9/2020

4/8/2024

CVE-2020-15964: Insufficient data validation in media

First published: Tue Aug 25 2020(Updated: )

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Credit: chrome-cve-admin@google.com Woojin Oh @pwn_expoit STEALIEN

Affected Software	Affected Version	How to fix
debian/chromium		90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1
Google Chrome (Trace Event)	<85.0.4183.121	85.0.4183.121
Google Chrome	<85.0.4183.121
openSUSE Backports	=15.0-sp1
openSUSE Backports	=15.0-sp2
SUSE Linux	=15.1
SUSE Linux	=15.2
Red Hat Fedora	=31
Red Hat Fedora	=32
Red Hat Fedora	=33
Debian Linux	=10.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

8695274602893790168

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2020-15964?
CVE-2020-15964 is classified as a high-severity vulnerability due to its potential to allow remote attackers to exploit heap corruption.
How do I fix CVE-2020-15964?
To fix CVE-2020-15964, update Google Chrome or Chromium to version 85.0.4183.121 or later.
What software is affected by CVE-2020-15964?
CVE-2020-15964 affects Google Chrome versions prior to 85.0.4183.121 and various versions of Chromium on Debian and openSUSE.
Can CVE-2020-15964 be exploited remotely?
Yes, CVE-2020-15964 allows remote attackers to exploit the vulnerability via a crafted HTML page.
What kind of attack does CVE-2020-15964 facilitate?
CVE-2020-15964 facilitates heap corruption attacks that can potentially lead to arbitrary code execution.

collector/security-tracker-debian
agent/type
agent/weakness
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/description
agent/severity
agent/title
agent/author
agent/first-publish-date
agent/event
agent/trending
agent/source
collector/chrome-releases
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
package-manager/debian
vendor/google
canonical/google chrome (trace event)
canonical/google chrome
vendor/opensuse
canonical/opensuse backports
version/opensuse backports/15.0-sp1
version/opensuse backports/15.0-sp2
canonical/suse linux
version/suse linux/15.1
version/suse linux/15.2
vendor/fedoraproject
canonical/red hat fedora
version/red hat fedora/31
version/red hat fedora/32
version/red hat fedora/33
vendor/debian
canonical/debian linux
version/debian linux/10.0