Information Security


Security vulnerabilities in libicu
Published: May 11, 2015
Source:
SecurityVulns ID: 14455
Type: library
Severity level: 8/10
Description: Buffer overflow, integer overflow.
Affected products: ICU : libicu 55
CVE: CVE-2014-8147 (The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.)
CVE-2014-8146 (The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.)
Original text: Pedro Ribeiro, [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL (11.05.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod