rpm package
opensuse/icu&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/icu&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-5222 | Hig | 7.0 | < 77.1-3.1 | 77.1-3.1 | May 27, 2025 | A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. | |
| CVE-2020-21913 | — | < 73.2-2.1 | 73.2-2.1 | Sep 20, 2021 | International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. | ||
| CVE-2020-10531 | — | < 73.2-2.1 | 73.2-2.1 | Mar 12, 2020 | An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. | ||
| CVE-2008-1036 | — | < 69.1-2.3 | 69.1-2.3 | Jun 2, 2008 | The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cros | ||
| CVE-2007-4770 | — | < 69.1-2.3 | 69.1-2.3 | Jan 29, 2008 | libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption |
- affected < 77.1-3.1fixed 77.1-3.1
A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
- CVE-2020-21913Sep 20, 2021affected < 73.2-2.1fixed 73.2-2.1
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
- CVE-2020-10531Mar 12, 2020affected < 73.2-2.1fixed 73.2-2.1
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
- CVE-2008-1036Jun 2, 2008affected < 69.1-2.3fixed 69.1-2.3
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cros
- CVE-2007-4770Jan 29, 2008affected < 69.1-2.3fixed 69.1-2.3
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption