CVE-2014-8146

iTunes < 12.1.3 - Heap-Based Buffer Overflow in Unicode Bidirectional Algorithm

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8146.

AI-analyzed exploit summary This is a technical writeup detailing two vulnerabilities (CVE-2014-8146 and CVE-2014-8147) in the ICU library, including root cause analysis, affected code snippets, and references to proof-of-concept files. It explains heap overflow and integer overflow issues in the `ubidi.c` file.

Description

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.

Exploits (1)

exploitdb WRITEUP

localmultiple

https://www.exploit-db.com/exploits/43887

View Code ZIP pw:eip

This is a technical writeup detailing two vulnerabilities (CVE-2014-8146 and CVE-2014-8147) in the ICU library, including root cause analysis, affected code snippets, and references to proof-of-concept files. It explains heap overflow and integer overflow issues in the `ubidi.c` file.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: ICU library versions 52 to 54

No auth needed

Prerequisites: Vulnerable version of ICU library (52-54) · Application using the ICU library (e.g., LibreOffice)

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (19)

Core 19

Core References

Third Party Advisory x_refsource_confirm

https://support.apple.com/HT205221

Exploit x_refsource_misc

https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt

Issue Tracking, Vendor Advisory x_refsource_confirm

http://bugs.icu-project.org/trac/changeset/37162

Third Party Advisory x_refsource_confirm

https://support.apple.com/HT205212

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Patch x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201507-04

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/602540

Third Party Advisory x_refsource_confirm

https://support.apple.com/HT205267

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2015/May/14

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2015/05/05/6

Third Party Advisory x_refsource_confirm

https://support.apple.com/HT205213

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74457

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3323

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Vendor Advisory x_refsource_misc

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Scores

EPSS 0.2429

EPSS Percentile 97.6%

Details

CWE

CWE-119

Status published

Products (5)

apple/iphone_os < 8.2

apple/itunes < 12.1.3

apple/mac_os_x < 10.10.4

apple/watchos < 1.0.1

icu-project/international_components_for_unicode < 55.1

Published May 25, 2015

Tracked Since Feb 18, 2026