CVE-2013-2924
Description
Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in ICU library allows remote attackers to cause denial of service via crafted Unicode strings.
Vulnerability
A use-after-free vulnerability exists in International Components for Unicode (ICU), specifically in the C library ICU4C, as used in Google Chrome before 30.0.1599.66 and other products [1]. The flaw occurs when processing crafted Unicode strings, leading to the use of freed memory. Affected versions include ICU4C before 52.1 and any product relying on those versions [1].
Exploitation
An attacker can exploit this vulnerability by sending specially crafted Unicode data to an application that uses the vulnerable ICU4C library [1]. No authentication is required, and the attack can be launched remotely. The exact vectors are not publicly disclosed, but the condition is triggered during string processing.
Impact
Successful exploitation can cause a denial of service (application crash) [1]. The official description also mentions the possibility of unspecified other impact, though no further details are provided.
Mitigation
The vulnerability is fixed in ICU4C version 52.1, released on October 9, 2013 [1]. Google Chrome addressed the issue in version 30.0.1599.66. Users should update to the latest versions of affected products. No workarounds are documented.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
62cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 59 more
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=30.0.1599.65
- cpe:2.3:a:google:chrome:30.0.1599.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:30.0.1599.9:*:*:*:*:*:*:*
- (no CPE)range: < 30.0.1599.66
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- bugs.icu-project.org/trac/ticket/10318nvd
- googlechromereleases.blogspot.com/2013/10/stable-channel-update.htmlnvd
- jvn.jp/en/jp/JVN85336306/index.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-01/msg00042.htmlnvd
- www.debian.org/security/2013/dsa-2785nvd
- www.debian.org/security/2013/dsa-2786nvd
- www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlnvd
- www.securityfocus.com/bid/64758nvd
- code.google.com/p/chromium/issues/detailnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19017nvd
- src.chromium.org/viewvc/chromenvd
News mentions
0No linked articles in our index yet.