Stack-based buffer overflow in the _canonicalize function in common/uloc.c
in International Components for Unicode (ICU) before 49.1 allows remote
attackers to execute arbitrary code via a crafted locale ID that is not
properly handled during variant canonicalization.
jdstrand> based on the patch, looks like a heap buffer overflow
Updated: 2015-10-17 03:37:08 UTC (commit 10086)