Stack-based buffer overflow in the _canonicalize function in common/uloc.c
in International Components for Unicode (ICU) before 49.1 allows remote
attackers to execute arbitrary code via a crafted locale ID that is not
properly handled during variant canonicalization.
jdstrand> based on the patch, looks like a heap buffer overflow
Updated: 2015-07-29 20:40:16 UTC (commit 9756)