Stack-based buffer overflow in the _canonicalize function in common/uloc.c
in International Components for Unicode (ICU) before 49.1 allows remote
attackers to execute arbitrary code via a crafted locale ID that is not
properly handled during variant canonicalization.
jdstrand> based on the patch, looks like a heap buffer overflow
Updated: 2016-01-26 17:41:14 UTC (commit 10507)