CVE-2014-8147
published 2015-05-25

CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode…

Priority: P357 (high)
CVSS 2.0: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 23.35% (97.5th percentile)
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.

Affected

8 ranges
Vendor       Product                                Version range             Fixed in
apple        ios_9                                  -                         -
apple        itunes                                 -                         -
apple        mac_os_x                               <= 10.10.4                -
apple        os_x_el_capitan_v10.11                 -                         -
apple        watchos                                <= 1.0.1                  -
apple        watchos_2                              -                         -
debian       icu                                    < icu 52.1-9 (bookworm)   icu 52.1-9 (bookworm)
icu-project  international_components_for_unicode   < 55.1                    55.1

Detection & IOCs (extracted from sources)

url: https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z
url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/43887.zip
path: common/ubidi.c
  • The vulnerability is triggered in the resolveImplicitLevels function in common/ubidi.c at line 2248 (ICU 52), where pBiDi->isolates[].state (int16_t) is assigned from levState.state (int32_t), causing integer truncation. Monitor for crashes or unexpected malloc/free errors in ICU-linked processes when processing bidirectional text.
  • The vulnerability can be triggered via crafted text processed by any application embedding ICU versions 52 through 54. Look for application crashes with 'incorrect malloc followed by invalid free' patterns in ICU-linked software (e.g., LibreOffice, browsers, OS components).
  • The overflow causes an error when performing a malloc on pBiDi->insertPoints->points because insertPoints is adjacent in memory to isolates[]. Heap corruption indicators in memory forensics near the insertPoints structure should be investigated.
  • All ICU releases between versions 52 and 54 (inclusive) are affected. ICU 55.1 contains the fix. Many software packages embed ICU code and require independent updates.
  • Red Hat has marked this CVE as 'Will not fix' across multiple products including RHEL 5, 6, 7, Red Hat Directory Server 8, and Red Hat OpenShift Enterprise 2.

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
osv             -         7.5     HIGH       -
vendor_debian   -         7.5     HIGH       -
vendor_redhat   -         7.5     HIGH       -