The stringprep_utf8_to_ucs4 function in libin prior to 1.31, as used in jabberd2, allows context-dependent malicious users to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu libidn |
||
opensuse opensuse 13.2 |
||
opensuse opensuse 13.1 |
||
fedoraproject fedora 21 |
||
fedoraproject fedora 22 |