Stack-based buffer overflow in the _canonicalize function in common/uloc.c
in International Components for Unicode (ICU) before 49.1 allows remote
attackers to execute arbitrary code via a crafted locale ID that is not
properly handled during variant canonicalization.
jdstrand> based on the patch, looks like a heap buffer overflow
Updated: 2016-03-23 03:39:06 UTC (commit 10817)