VYPR
Vendor

Unicode

Products
10
CVEs
34
Across products
47
Status
Private

Products

10

Recent CVEs

34
View all 34 CVEs →
  • CVE-2017-17484CriDec 10, 2017
    risk 0.64cvss 9.8epss 0.05

    The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and…

  • CVE-2017-14952CriOct 16, 2017
    risk 0.64cvss 9.8epss 0.05

    Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

  • CVE-2017-11362CriJul 17, 2017
    risk 0.64cvss 9.8epss 0.03

    In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact…

  • CVE-2014-9654CriApr 24, 2017
    risk 0.64cvss 9.8epss 0.02

    The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to…

  • CVE-2014-9911CriJan 4, 2017
    risk 0.64cvss 9.8epss 0.05

    Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted…

  • CVE-2016-7415CriSep 17, 2016
    risk 0.64cvss 9.8epss 0.06

    Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.

  • CVE-2016-6293CriJul 25, 2016
    risk 0.64cvss 9.8epss 0.05

    The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service…

  • CVE-2017-7868HigApr 14, 2017
    risk 0.49cvss 7.5epss 0.04

    International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.

  • CVE-2017-7867HigApr 14, 2017
    risk 0.49cvss 7.5epss 0.05

    International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.

  • CVE-2017-15396MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15422MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2025-5222HigMay 27, 2025
    risk 0.39cvss 7.0epss 0.00

    A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

  • CVE-2014-8147May 25, 2015
    risk 0.05cvss epss 0.23

    The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause…

  • CVE-2014-8146May 25, 2015
    risk 0.05cvss epss 0.24

    The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a…

  • CVE-2013-2419Apr 17, 2013
    risk 0.05cvss epss 0.23

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. …

  • CVE-2021-42574Nov 1, 2021
    risk 0.02cvss epss 0.12

    An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens…

  • CVE-2021-42694Nov 1, 2021
    risk 0.01cvss epss 0.04

    An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can…

  • CVE-2013-2384Apr 17, 2013
    risk 0.01cvss epss 0.09

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via…

  • CVE-2013-2383Apr 17, 2013
    risk 0.01cvss epss 0.09

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via…

  • CVE-2013-1569Apr 17, 2013
    risk 0.01cvss epss 0.09

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via…