USN-2605-1

Source
https://ubuntu.com/security/notices/USN-2605-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2605-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-2605-1
Related
Published
2015-05-11T14:58:23.179633Z
Modified
2015-05-11T14:58:23.179633Z
Summary
icu vulnerabilities
Details

Pedro Ribeiro discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

References

Affected packages

Ubuntu:14.04:LTS / icu

Package

Name
icu
Purl
pkg:deb/ubuntu/icu?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
52.1-3ubuntu0.3

Affected versions

4.*

4.8.1.1-12ubuntu2
4.8.1.1-13+nmu1
4.8.1.1-13+nmu1ubuntu1

52.*

52.1-3
52.1-3ubuntu0.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "52.1-3ubuntu0.3",
            "binary_name": "icu-devtools"
        },
        {
            "binary_version": "52.1-3ubuntu0.3",
            "binary_name": "icu-devtools-dbgsym"
        },
        {
            "binary_version": "52.1-3ubuntu0.3",
            "binary_name": "icu-doc"
        },
        {
            "binary_version": "52.1-3ubuntu0.3",
            "binary_name": "libicu-dev"
        },
        {
            "binary_version": "52.1-3ubuntu0.3",
            "binary_name": "libicu-dev-dbgsym"
        },
        {
            "binary_version": "52.1-3ubuntu0.3",
            "binary_name": "libicu52"
        },
        {
            "binary_version": "52.1-3ubuntu0.3",
            "binary_name": "libicu52-dbg"
        },
        {
            "binary_version": "52.1-3ubuntu0.3",
            "binary_name": "libicu52-dbgsym"
        }
    ]
}