Debian ICU vulnerabilities

37 known vulnerabilities affecting debian/icu.

Total CVEs: 37
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 13, MEDIUM 7, LOW 5

Vulnerabilities

Page 2 of 2
CVE-2014-8146 | HIGH | CVSS 7.5 | PoC | fixed in icu 52.1-9 (bookworm) | 2014
CVE-2014-8146 [HIGH]: icu - The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted te
debian
CVE-2014-7926 | HIGH | CVSS 7.5 | fixed in icu 52.1-7.1 (bookworm) | 2014
CVE-2014-7926 [HIGH]: icu - The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier. Scope: local bookworm: resolved (fixed in 52.1-7.1) bul
debian
CVE-2014-9654 | HIGH | CVSS 7.5 | fixed in icu 52.1-7.1 (bookworm) | 2014
CVE-2014-9654 [HIGH]: icu - The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a cra
debian
CVE-2014-7940 | HIGH | CVSS 7.5 | fixed in icu 52.1-7.1 (bookworm) | 2014
CVE-2014-7940 [HIGH]: icu - The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. Scope: local bookworm
debian
CVE-2014-6591 | LOW | CVSS 2.6 | fixed in icu 52.1-7 (bookworm) | 2014
CVE-2014-6591 [LOW]: icu - Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. Scope: local bookworm: resolved (fixed in 52.1-7) bullseye: resolved (fixed in 52.1-7) forky: resolved (fixed in 52.1-7) sid: resolved (fixed in 5
debian
CVE-2014-6585 | LOW | CVSS 2.6 | fixed in icu 52.1-7.1 (bookworm) | 2014
CVE-2014-6585 [LOW]: icu - Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591. Scope: local bookworm: resolved (fixed in 52.1-7.1) bullseye: resolved (fixed in 52.1-7.1) forky: resolved (fixed in 52.1-7.1) sid: resolved (fixed in 52.1-7.1) trixie: re
debian
CVE-2013-2384 | CRITICAL | CVSS 10.0 | fixed in icu 52.1-1 (bookworm) | 2013
CVE-2013-2384 [CRITICAL]: icu - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, a
debian
CVE-2013-1569 | CRITICAL | CVSS 10.0 | fixed in icu 52.1-1 (bookworm) | 2013
CVE-2013-1569 [CRITICAL]: icu - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Ora
debian
CVE-2013-2383 | CRITICAL | CVSS 10.0 | fixed in icu 52.1-1 (bookworm) | 2013
CVE-2013-2383 [CRITICAL]: icu - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, a
debian
CVE-2013-2924 | HIGH | CVSS 7.5 | fixed in icu 4.8.1.1-13+nmu1 (bookworm) | 2013
CVE-2013-2924 [HIGH]: icu - Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Scope: local bookworm: resolved (fixed in 4.8.1.1-13+nmu1) bullseye: resolved (fixed in 4.8.1.1-13+nmu1) forky: resol
debian
CVE-2013-2419 | MEDIUM | CVSS 5.0 | PoC | fixed in icu 52.1-1 (bookworm) | 2013
CVE-2013-2419 [MEDIUM]: icu - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims fr
debian
CVE-2013-0900 | LOW | CVSS 6.8 | fixed in icu 4.8.1.1-12 (bookworm) | 2013
CVE-2013-0900 [MEDIUM]: icu - Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Scope: local bookworm: resolved (fixed in 4.8.1.1-12) bullseye: resolved (fixed i
debian
CVE-2011-4599 | HIGH | CVSS 7.5 | fixed in icu 4.8.1.1-3 (bookworm) | 2011
CVE-2011-4599 [HIGH]: icu - Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization. Scope: local bookworm: resolved (fixed in 4.8.1.1-3) bullseye: resolved (fixed in 4.8.1.1-3) forky: resol
debian
CVE-2009-0153 | LOW | CVSS 4.3 | fixed in icu 4.0.1-1 (bookworm) | 2009
CVE-2009-0153 [MEDIUM]: icu - International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct
debian
CVE-2008-1036 | MEDIUM | CVSS 4.3 | fixed in icu 4.0.1-1 (bookworm) | 2008
CVE-2008-1036 [MEDIUM]: icu - The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. Scope: local bookworm: resolved (fixed in 4.0.1-1) bullseye:
debian
CVE-2007-4771 | CRITICAL | CVSS 9.3 | fixed in icu 3.8-6 (bookworm) | 2007
CVE-2007-4771 [CRITICAL]: icu - Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some
debian
CVE-2007-4770 | MEDIUM | CVSS 6.8 | fixed in icu 3.8-6 (bookworm) | 2007
CVE-2007-4770 [MEDIUM]: icu - libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. Scope: local bookworm: resolved (fixed in 3.8-6) bullseye: resolved (fixe
debian