CVE-2017-14952: Double Free
First published: Mon Oct 16 2017(Updated: )
International Components for Unicode (ICU) for C/C++ could allow a remote attacker to execute arbitrary code on the system, caused by a double free in i18n/zonemeta.cpp. By using a specially crafted string, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Icu-project International Components For Unicode | <=59.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp
- http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/133526
- https://www.ibm.com/support/pages/node/1073530 (Advisory)
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/ibm-support
- source/IBM
- vendor/icu-project
- canonical/icu-project international components for unicode
- version/icu-project international components for unicode/59.1