CVE-2020-15999
ENISA EUVD: EUVD-2020-1435 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
9 articles
EPSS Score
Source: FIRST.org · 2026-05-24
93.03%
probability
This CVE has a 93.03% probability
of being exploited in the next 30 days.
0%
Top 99.8th percentile of all CVEs
100%
CVSS v3.1
Source: NVD9.6
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Description
Project ZeroHeap buffer overflow in typescript Load_SBit_Png
Affected Products
Attack Intelligence
Google Project Zero
Discovered
Oct. 19, 2020
Patched
Oct. 20, 2020
Reported by
Google Project Zero
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2020/CVE-2020-15999.html
Exploits & PoC
oxfemale/CVE-2020-15999
CVE-2020-15999
3
maarlo/CVE-2020-15999
Repositorio con un script encargado de explotar la vulnerabilidad CVE-2020-15999
1
2 repos — triés par ⭐
Rechercher sur GitHub ↗
New Google Chrome version fixes actively exploited zero-day bug
BleepingComputer
Oct 20, 2020
Google fixes more Chrome zero-days exploited in the wild
BleepingComputer
Nov 12, 2020
Apple patches three actively exploited iOS zero-days
BleepingComputer
Nov 05, 2020
Hacking group used 11 zero-days to attack Windows, iOS, Android users
BleepingComputer
Mar 20, 2021
Firefox 83 boosts security with HTTPS-Only mode, zero-day fix
BleepingComputer
Nov 17, 2020
Vulnerability Detection Pipeline
Qualys
Sep 16, 2020
Signal Intelligence
Confidence
95%
EPSS
93.03%
CVSS v3.1
9.6
Mentions
9
Last Seen
Mar 20, 2021
CNA Information
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026