Computer Security


libicu security vulnerabilities
Published: 11.05.2015
Source:
SecurityVulns ID: 14455
Type: library
Threat Level: 8/10
Description: Buffer overflow, integer overflow.
Affected: ICU: libicu 55
CVE: CVE-2014-8147 (The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.)
     CVE-2014-8146 (The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.)
Original document: Pedro Ribeiro, [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL (11.05.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod