MGASA-2015-0286

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2014-8146 CVE-2014-8147 CVE-2015-1270

Published: 27 Jul 2015, 17:34

Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Jul 2015, 17:34

Published

Vulnerability first disclosed

16 Apr 2026, 06:23

Last Modified

Vulnerability information updated

Description

Updated icu package fixes security vulnerabilities The ICU Project's ICU4C library, before 55.1, contains a heap-based buffer overflow in the resolveImplicitLevels function of ubidi.c (CVE-2014-8146). The ICU Project's ICU4C library, before 55.1, contains an integer overflow in the resolveImplicitLevels function of ubidi.c due to the assignment of an int32 value to an int16 type (CVE-2014-8147). The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU) mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file (CVE-2015-1270).

Affected Systems

mageia•icu
< 52.1-2.4.mga4

MGASA-2015-0286

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)