CVE-2014-8146

Priority
Medium
Description
The resolveImplicitLevels function in common/ubidi.c in the Unicode
Bidirectional Algorithm implementation in ICU4C in International Components
for Unicode (ICU) before 55.1 does not properly track directionally
isolated pieces of text, which allows remote attackers to cause a denial of
service (heap-based buffer overflow) or possibly execute arbitrary code via
crafted text.
References
Assigned-to
mdeslaur
Package
Source: icu (LP Ubuntu Debian)
Upstream:released (55.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (52.1-3ubuntu0.3)
Patches:
Upstream:http://bugs.icu-project.org/trac/changeset/37162
More Information

Updated: 2018-06-26 04:57:05 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)