JLSEC-2026-456

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-456.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-456.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-456
Upstream
Published
2026-05-07T14:50:29.650Z
Modified
2026-05-07T15:00:09.810897Z
Summary
[none]
Details

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Database specific 
{
    "sources": [
        {
            "id": "CVE-2020-15999",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15999",
            "modified": "2025-10-24T20:57:27.670Z",
            "imported": "2026-05-07T14:22:19.379Z",
            "published": "2020-11-03T03:15:14.853Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2020-15999",
            "database_specific": {
                "status": "Analyzed"
            }
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / FreeType2_jll

Package

Name
FreeType2_jll
Purl
pkg:julia/FreeType2_jll?uuid=d7e528f0-a631-5988-bf34-fe36492bcfd7

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.4+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-456.json"