CVE-2015-2426

ENISA EUVD: EUVD-2015-2519 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

91.75%

probability

This CVE has a 91.75% probability of being exploited in the next 30 days.

0% Top 99.7th percentile of all CVEs 100%

CVSS v3.1

Source: NVD

8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Project Zero

OpenType Font Driver buffer overflow in ZwGdiAddFontMemResourceEx

Affected Products

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-124 · Buffer Underwrite ('Buffer Underflow') CWE-664 · Improper Control of a Resource Through its Lifetime CWE-786 CWE-787 · Out-of-bounds Write

Google Project Zero

Discovered

July 5, 2015

Patched

July 20, 2015

Reported by

Mateusz Jurczyk of Google Project Zero, Genwei Jiang of FireEye, Moony Li of TrendMicro

Root Cause Analysis

???

Exploits & PoC

Signal Intelligence

Confidenceⓘ

95%

EPSS 91.75%

CVSS v3.1 8.8

Mentions 0

CNA Information

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 2

Mirage

apt_group Information theft and espionage 🇨🇳 CN

Naikon

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 05, 2026