CVE-2015-1270 (retired)

Priority
Description
The ucnv_io_getConverterName function in common/ucnv_io.cpp in
International Components for Unicode (ICU), as used in Google Chrome before
44.0.2403.89, mishandles converter names with initial x- substrings, which
allows remote attackers to cause a denial of service (read of uninitialized
memory) or possibly have unspecified other impact via a crafted file.
Notes
 mdeslaur> patch is mis-applied in icu 55.1-4
Package
Upstream:released (44.0.2403.89)
Ubuntu 16.04 LTS (Xenial Xerus):released (44.0.2403.89-0ubuntu1.1195)
Patches:
Upstream:https://chromium.googlesource.com/chromium/deps/icu/+/f1ad7f9ba957571dc692ea3e187612c685615e19
Package
Source: icu (LP Ubuntu Debian)
Upstream:needed
Ubuntu 16.04 LTS (Xenial Xerus):released (55.1-4ubuntu1)
Patches:
Upstream:http://bugs.icu-project.org/trac/changeset/37486
Package
Upstream:released (1.8.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.8.4-0ubuntu1)
More Information

Updated: 2019-08-23 09:05:49 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)