CVE-2015-1270

Priority
Description
The ucnv_io_getConverterName function in common/ucnv_io.cpp in
International Components for Unicode (ICU), as used in Google Chrome before
44.0.2403.89, mishandles converter names with initial x- substrings, which
allows remote attackers to cause a denial of service (read of uninitialized
memory) or possibly have unspecified other impact via a crafted file.
Notes
mdeslaurpatch is mis-applied in icu 55.1-4
Package
Upstream:released (44.0.2403.89)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [44.0.2403.89-0ubuntu0.14.04.1.1095])
Ubuntu 16.04 LTS (Xenial Xerus):released (44.0.2403.89-0ubuntu1.1195)
Patches:
Upstream:https://chromium.googlesource.com/chromium/deps/icu/+/f1ad7f9ba957571dc692ea3e187612c685615e19
Package
Source: icu (LP Ubuntu Debian)
Upstream:needed
Ubuntu 14.04 ESM (Trusty Tahr):released (52.1-3ubuntu0.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (55.1-4ubuntu1)
Patches:
Upstream:http://bugs.icu-project.org/trac/changeset/37486
Package
Upstream:released (1.8.4)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.8.4-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (1.8.4-0ubuntu1)
More Information

Updated: 2020-01-29 19:51:31 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)