Debian ICU vulnerabilities
36 known vulnerabilities affecting debian/icu.
Total CVEs: 36
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 13, MEDIUM 7, LOW 4
Vulnerabilities
Page 1 of 2
CVE-2014-8146 | P2 | HIGH | CVSS 7.5 | PoC | fixed in icu 52.1-9 (bookworm) | 2014
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted te

CVE-2014-8147 | P3 | HIGH | CVSS 7.5 | PoC | fixed in icu 52.1-9 (bookworm) | 2014
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary

CVE-2013-2419 | P3 | MEDIUM | CVSS 5.0 | PoC | fixed in icu 52.1-1 (bookworm) | 2013
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims fr

CVE-2015-4844 | P3 | CRITICAL | CVSS 10.0 | fixed in icu 57.1-1.1 (bookworm) | 2015
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Scope: local
bookworm: resolved (fixed in 57.1-1.1)
bullseye: resolved (fixed in 57.1-1.1)
forky: resolved (fixed in 57.1-1.1)
sid: resolved (fixed in 57.1-1.1)
t

CVE-2017-14952 | P3 | CRITICAL | CVSS 9.8 | fixed in icu 57.1-7 (bookworm) | 2017
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
Scope: local
bookworm: resolved (fixed in 57.1-7)
bullseye: resolved (fixed in 57.1-7)
forky: resolved (fixed in 57.1-7)
sid: resolv

CVE-2015-4760 | P3 | CRITICAL | CVSS 10.0 | fixed in icu 52.1-10 (bookworm) | 2015
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Scope: local
bookworm: resolved (fixed in 52.1-10)
bullseye: resolved (fixed in 52.1-10)
forky: resolved (fixed in 52.1-10)
sid: resolved (fixed in 52.1-10)
trixie: resolved (fixed in 52.1-10

CVE-2013-1569 | P3 | CRITICAL | CVSS 10.0 | fixed in icu 52.1-1 (bookworm) | 2013
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Ora

CVE-2013-2384 | P3 | CRITICAL | CVSS 10.0 | fixed in icu 52.1-1 (bookworm) | 2013
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, a

CVE-2013-2383 | P3 | CRITICAL | CVSS 10.0 | fixed in icu 52.1-1 (bookworm) | 2013
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, a

CVE-2016-0494 | P3 | CRITICAL | CVSS 10.0 | fixed in icu 57.1-4 (bookworm) | 2016
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Scope: local
bookworm: resolved (fixed in 57.1-4)
bullseye: resolved (fixed in 57.1-4)
forky: resolved (fixed in 57.1

CVE-2011-4599 | P3 | HIGH | CVSS 7.5 | fixed in icu 4.8.1.1-3 (bookworm) | 2011
Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.
Scope: local
bookworm: resolved (fixed in 4.8.1.1-3)
bullseye: resolved (fixed in 4.8.1.1-3)
forky: resol

CVE-2020-10531 | P3 | HIGH | CVSS 8.8 | fixed in icu 63.2-3 (bookworm) | 2020
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
Scope: local
bookworm: resolved (fixed in 63.2-3)
bullseye: resolved (fixed in 63.2-3)
forky: resolved (fixed in 63.2-3)
sid: resolved (fixed in

CVE-2014-9911 | P3 | CRITICAL | CVSS 9.8 | fixed in icu 55.1-3 (bookworm) | 2014
Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.
Scope: local
bookworm: resolved (fixed in 55.1-3)
bullseye: resolved (fixe

CVE-2016-7415 | P3 | CRITICAL | CVSS 9.8 | fixed in icu 57.1-5 (bookworm) | 2016
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.
Scope: local
bookworm: resolved (fixed in 57.1-5)
bullseye: resolved (fixed in 57.1-5)
forky

CVE-2021-30535 | P3 | HIGH | CVSS 8.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in 93.0.45

CVE-2018-18928 | P3 | CRITICAL | CVSS 9.8 | fixed in icu 63.1-3 (bookworm) | 2018
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
Scope: local
bookworm: resolved (fixed in 63.1-3)
bullseye: resolved (fixed in 63.1-3)
forky: resolved (fixed in 63.1-3)
sid: resolved (fixed in 63.1-3)
trixie: resolved (fixed in 63.1-3)

CVE-2017-7867 | P3 | HIGH | CVSS 7.5 | fixed in icu 57.1-6 (bookworm) | 2017
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
Scope: local
bookworm: resolved (fixed in 57.1-6)
bullseye: resolved (fixed in 57.1-6)
forky: resolved (fixed in 57.1-6)
sid: resolved (fi

CVE-2017-7868 | P3 | HIGH | CVSS 7.5 | fixed in icu 57.1-6 (bookworm) | 2017
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
Scope: local
bookworm: resolved (fixed in 57.1-6)
bullseye: resolved (fixed in 57.1-6)
forky: resolved (fixed in 57.1-6)
sid: resolved (fixed

CVE-2016-6293 | P3 | CRITICAL | CVSS 9.8 | fixed in icu 57.1-4 (bookworm) | 2016
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcce

CVE-2014-9654 | P3 | HIGH | CVSS 7.5 | fixed in icu 52.1-7.1 (bookworm) | 2014
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a cra