CVE-2015-1270

CWE-1913 documents8 sources

Severity

6.8MEDIUM

EPSS

1.2%

top 21.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Debian Linux Opensuse Opensuse +5 more

Timeline

PublishedJul 23

Latest updateMay 14

Description

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages8 packages

▶NVDgoogle/chrome43.0.2357.134

▶Debianicu< 55.1-5+3

▶Ubuntuicu< 52.1-3ubuntu0.4

▶Ubuntuoxide-qt< 1.8.4-0ubuntu0.14.04.2

▶NVDoracle/solaris11.3

Also affects: Debian Linux 8.0, Enterprise Linux 6.0, 6.7z

🔴Vulnerability Details

GHSA

GHSA-cjg8-m6hh-w76f: The ucnv_io_getConverterName function in common/ucnv_io↗2022-05-14

▶

OSV

icu vulnerabilities↗2015-09-16

▶

OSV

oxide-qt vulnerabilities↗2015-08-04

▶

CVEList

CVE-2015-1270: The ucnv_io_getConverterName function in common/ucnv_io↗2015-07-23

▶

OSV

CVE-2015-1270: The ucnv_io_getConverterName function in common/ucnv_io↗2015-07-23

▶

📋Vendor Advisories

Ubuntu

ICU vulnerabilities↗2015-09-16

▶

Ubuntu

Oxide vulnerabilities↗2015-08-04

▶

Red Hat

ICU: Uninitialized memory read fixed in Chrome 44.0.2403.89↗2015-07-21

▶

Debian

CVE-2015-1270: icu - The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Com...↗2015

▶

💬Community

Bugzilla

CVE-2015-1270 mingw-icu: chromium-browser: Uninitialized memory read in ICU. [epel-7]↗2015-07-28

▶

Bugzilla

CVE-2015-1270 icu: chromium-browser: Uninitialized memory read in ICU. [fedora-all]↗2015-07-28

▶

Bugzilla

CVE-2015-1270 ICU: Uninitialized memory read fixed in Chrome 44.0.2403.89↗2015-07-22

▶