ICU Project ICU4C library, versions 52 through 54, contains a heap-based buffer overflow and an integer overflow.
The ICU Project describes ICU as "a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications."
CWE-122: Heap-based Buffer Overflow - CVE-2014-8146
An attacker who can supply text that an affected ICU4C build processes may trigger either or both overflows, causing a denial of service (crash) and possibly arbitrary code execution.
Apply an update. The ICU Project has released ICU 55.1, which addresses both vulnerabilities. Distribution packages may carry the fix as a backport without changing the upstream version number, so consult your vendor's advisory as well as the version string.
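The following script is an added example for this note, not code from CERT/CC or the ICU Project. It classifies an ICU4C version string against the 52 through 54 range listed above and probes the local host for an installed version. It assumes that pkg-config or icu-config report the version as a leading number ("54.1"), and that the uconv banner contains "ICU <version>"; a version outside the range does not prove a host is safe if the vendor shipped a backported fix, and a version inside it is a prompt to check the vendor advisory, not a confirmation of exploitability.

```sh
#!/bin/sh
# Added example, not part of the CERT note or the ICU Project's code.
# Classifies an ICU4C version string against the 52-54 range the note lists
# and probes the local host for one. Assumptions: the major version is the
# first number in pkg-config/icu-config output, and uconv prints a banner
# line containing "ICU <version>".

# icu_major_affected MAJOR -> status 0 if 52 <= MAJOR <= 54, 1 otherwise
icu_major_affected() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # not a plain integer
    esac
    [ "$1" -ge 52 ] && [ "$1" -le 54 ]
}

# icu_major_from_version STRING -> prints the leading major number ("54.1" -> 54)
icu_major_from_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\).*/\1/p'
}

# classify_version STRING -> prints affected | not-affected | unknown
classify_version() {
    major=$(icu_major_from_version "$1")
    if [ -z "$major" ]; then
        echo unknown
    elif icu_major_affected "$major"; then
        echo affected
    else
        echo not-affected
    fi
}

# detect_icu_version -> prints the first version string found, status 1 if none
detect_icu_version() {
    v=$(pkg-config --modversion icu-uc 2>/dev/null || true)
    if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
    v=$(icu-config --version 2>/dev/null || true)
    if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
    # assumed uconv banner format, e.g. "uconv v2.1  ICU 55.1"
    v=$(uconv --version 2>/dev/null | sed -n 's/.*ICU \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
    return 1
}

# check_host -> prints "<version> <status>", or "none unknown" if no ICU found
check_host() {
    if v=$(detect_icu_version); then
        printf '%s %s\n' "$v" "$(classify_version "$v")"
    else
        echo "none unknown"
    fi
}

check_host
```

Run it on each host that links ICU4C; a result of "affected" means the upstream version is in the listed range and the vendor status table below should be checked for a patched package.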
Vendor                             Status
Debian GNU/Linux                   Affected
FreeBSD Project                    Affected
ICU Project                        Affected
SAP                                Not Affected
Apache HTTP Server Project         Unknown
Avaya, Inc.                        Unknown
BAE Systems                        Unknown
Business Objects                   Unknown
Dell Computer Corporation, Inc.    Unknown
EMC Corporation                    Unknown
Eclipse Foundation Inc             Unknown
Gentoo Linux                       Unknown
Hewlett-Packard Company            Unknown
IBM Corporation                    Unknown
Intel Corporation                  Unknown
Mandriva S. A.                     Unknown
Progress Software, Inc.            Unknown
QNX Software Systems Inc.          Unknown
SUSE Linux                         Unknown
Trend Micro                        Unknown
Yahoo, Inc.                        Unknown
Thanks to Pedro Ribeiro (email@example.com) of Agile Information Security for reporting these vulnerabilities.
This document was written by Joel Land.