CVE-2014-8147

Published: 25/05/2015 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) prior to 55.1 uses an integer data type that is inconsistent with a header file, which allows remote malicious users to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.

Vulnerable Product

apple watchos

apple mac os x

icu-project international components for unicode

Vendor Advisories

Debian Bug report logs - #784773 icu: CVE-2014-8146 and CVE-2014-8147. Package: icu; Maintainer for icu is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Marc Deslauriers <marc.deslauriers@ubuntu.com>; Date: Fri, 8 May 2015 17:27:02 UTC; Severity: normal; Tags: patch, security; Found in versions 52.1-8, 52.1-1 ...
ICU could be made to crash or run programs as your login if it processed specially crafted data ...
Several vulnerabilities were discovered in the International Components for Unicode (ICU) library. CVE-2014-8146: The Unicode Bidirectional Algorithm implementation does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execut ...
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or pos ...

Exploits

>> Heap overflow and integer overflow in ICU library (v52 to v54)
>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security
=================================================================================
Disclosure: 04/05/2015 / Last updated: 07/05/2015

>> Background on the affected products:
ICU is a mature ...