Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-8146

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.

Related bugs and status

CVE-2014-8146 (Candidate) is related to these bugs:

Bug #1455823: Sync icu 52.1-9 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1455823	Sync icu 52.1-9 (main) from Debian unstable (main)		icu (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015050...
MISC: https://raw.githubuser...
CONFIRM: http://bugs.icu-projec...
CERT-VN: VU#602540
FULLDISC: 20150505 [CVE-2014-814...
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-09-16-1
APPLE: APPLE-SA-2015-09-16-3
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-09-21-1
APPLE: APPLE-SA-2015-09-30-3
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 74457
DEBIAN: DSA-3323
GENTOO: GLSA-201507-04
MISC: https://www.oracle.com...