cvebase

Debian ICU vulnerabilities

36 known vulnerabilities affecting debian/icu.

Total CVEs: 36
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 13, MEDIUM 7, LOW 4

Vulnerabilities

Page 2 of 2
CVE-2013-2924 | P4 | HIGH | CVSS 7.5 | fixed in icu 4.8.1.1-13+nmu1 (bookworm) | 2013
[HIGH] icu: Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Scope: local; bookworm: resolved (fixed in 4.8.1.1-13+nmu1); bullseye: resolved (fixed in 4.8.1.1-13+nmu1); forky: resol

CVE-2025-5222 | P4 | HIGH | CVSS 7.0 | fixed in icu 72.1-3+deb12u1 (bookworm) | 2025
[HIGH] icu: A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
Scope: local; bookworm: resolved (fixed in 72.1-3+deb12u1); bullseye: resolved (fixed in 67.1-7+deb11u1); forky: resolved (

CVE-2014-7940 | P4 | HIGH | CVSS 7.5 | fixed in icu 52.1-7.1 (bookworm) | 2014
[HIGH] icu: The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.
Scope: local; bookworm

CVE-2007-4771 | P4 | CRITICAL | CVSS 9.3 | fixed in icu 3.8-6 (bookworm) | 2007
[CRITICAL] icu: Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some

CVE-2014-7923 | P4 | HIGH | CVSS 7.5 | fixed in icu 52.1-7.1 (bookworm) | 2014
[HIGH] icu: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.
Scope: local; bookworm: resolved (fixed in 52.1-7.1); bul

CVE-2014-7926 | P4 | HIGH | CVSS 7.5 | fixed in icu 52.1-7.1 (bookworm) | 2014
[HIGH] icu: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.
Scope: local; bookworm: resolved (fixed in 52.1-7.1); bul

CVE-2015-2632 | P4 | MEDIUM | CVSS 5.0 | fixed in icu 55.1-7 (bookworm) | 2015
[MEDIUM] icu: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Scope: local; bookworm: resolved (fixed in 55.1-7); bullseye: resolved (fixed in 55.1-7); forky: resolved (fixed in 55.1-7); sid: resolved (fixed in 55.1-7); trixie: resolved (fixed in 55.1-7)

CVE-2017-15422 | P4 | MEDIUM | CVSS 6.5 | fixed in icu 57.1-9 (bookworm) | 2017
[MEDIUM] icu: Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 57.1-9); bullseye: resolved (fixed in 57.1-9); fo

CVE-2007-4770 | P4 | MEDIUM | CVSS 6.8 | fixed in icu 3.8-6 (bookworm) | 2007
[MEDIUM] icu: libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
Scope: local; bookworm: resolved (fixed in 3.8-6); bullseye: resolved (fixe

CVE-2015-1270 | P4 | MEDIUM | CVSS 6.8 | fixed in icu 55.1-5 (bookworm) | 2015
[MEDIUM] icu: The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.
Scope: local

CVE-2013-0900 | P4 | LOW | CVSS 6.8 | fixed in icu 4.8.1.1-12 (bookworm) | 2013
[MEDIUM] icu: Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Scope: local; bookworm: resolved (fixed in 4.8.1.1-12); bullseye: resolved (fixed i

CVE-2014-6585 | P4 | LOW | CVSS 2.6 | fixed in icu 52.1-7.1 (bookworm) | 2014
[LOW] icu: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.
Scope: local; bookworm: resolved (fixed in 52.1-7.1); bullseye: resolved (fixed in 52.1-7.1); forky: resolved (fixed in 52.1-7.1); sid: resolved (fixed in 52.1-7.1); trixie: re

CVE-2014-6591 | P4 | LOW | CVSS 2.6 | fixed in icu 52.1-7 (bookworm) | 2014
[LOW] icu: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Scope: local; bookworm: resolved (fixed in 52.1-7); bullseye: resolved (fixed in 52.1-7); forky: resolved (fixed in 52.1-7); sid: resolved (fixed in 5

CVE-2009-0153 | P4 | LOW | CVSS 4.3 | fixed in icu 4.0.1-1 (bookworm) | 2009
[MEDIUM] icu: International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct

CVE-2020-21913 | P4 | MEDIUM | CVSS 5.5 | fixed in icu 67.1-2 (bookworm) | 2020
[MEDIUM] icu: International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
Scope: local; bookworm: resolved (fixed in 67.1-2); bullseye: resolved (fixed in 67.1-2); forky: resolved (fixed in 67.1-2); sid: resolved (fixed in 67.1-2); trixie: resolved (fixed in 67.1-2

CVE-2008-1036 | P4 | MEDIUM | CVSS 4.3 | fixed in icu 4.0.1-1 (bookworm) | 2008
[MEDIUM] icu: The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Scope: local; bookworm: resolved (fixed in 4.0.1-1); bullseye: