Vulnerabilities > ICU Project > International Components FOR Unicode > 4.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-25 | CVE-2016-6293 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Icu-Project International Components for Unicode The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. | 9.8 |
2015-10-09 | CVE-2015-5922 | Memory Corruption vulnerability in ICU Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. | 10.0 |
2015-05-25 | CVE-2014-8146 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. | 7.5 |