VYPR

International Components for Unicode

by Unicode

Source repositories

CVEs (19)

  • CVE-2017-17484CriDec 10, 2017
    risk 0.64cvss 9.8epss 0.05

    The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and…

  • CVE-2017-14952CriOct 16, 2017
    risk 0.64cvss 9.8epss 0.05

    Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

  • CVE-2014-9654CriApr 24, 2017
    risk 0.64cvss 9.8epss 0.02

    The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to…

  • CVE-2014-9911CriJan 4, 2017
    risk 0.64cvss 9.8epss 0.05

    Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted…

  • CVE-2016-6293CriJul 25, 2016
    risk 0.64cvss 9.8epss 0.05

    The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service…

  • CVE-2017-7868HigApr 14, 2017
    risk 0.49cvss 7.5epss 0.04

    International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.

  • CVE-2017-7867HigApr 14, 2017
    risk 0.49cvss 7.5epss 0.05

    International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.

  • CVE-2025-5222HigMay 27, 2025
    risk 0.39cvss 7.0epss 0.00

    A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

  • CVE-2014-8147May 25, 2015
    risk 0.05cvss epss 0.23

    The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause…

  • CVE-2014-8146May 25, 2015
    risk 0.05cvss epss 0.24

    The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a…

  • CVE-2011-4599Jun 21, 2012
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.

  • CVE-2020-10531Mar 12, 2020
    risk 0.00cvss epss 0.03

    An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

  • CVE-2015-5922Oct 9, 2015
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.

  • CVE-2015-1270Jul 23, 2015
    risk 0.00cvss epss 0.03

    The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of…

  • CVE-2014-7940Jan 22, 2015
    risk 0.00cvss epss 0.02

    The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or…

  • CVE-2014-7926Jan 22, 2015
    risk 0.00cvss epss 0.02

    The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via…

  • CVE-2014-7923Jan 22, 2015
    risk 0.00cvss epss 0.02

    The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via…

  • CVE-2007-4771Jan 29, 2008
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a…

  • CVE-2007-4770Jan 29, 2008
    risk 0.00cvss epss 0.03

    libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to…