The ICU Project ICU4C library, versions 52 through 54, contains a heap-based buffer overflow and an integer overflow.
The ICU Project describes ICU as "a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications."
CWE-122: Heap-based Buffer Overflow - CVE-2014-8146
An attacker may be able to provide input that triggers one or both overflow vulnerabilities, leading to denial of service and the possibility of code execution.
Apply an update
Thanks to Pedro Ribeiro (email@example.com) of Agile Information Security for reporting this vulnerability.
This document was written by Joel Land.