CVE-2014-8147

Apple Mac OS X < 10.10.4 - Numeric Error

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8147. PoCs published by Pedro Ribeiro.

AI-analyzed exploit summary The writeup describes two vulnerabilities (CVE-2014-8146 and CVE-2014-8147) in the ICU library, including a heap overflow and an integer overflow. It provides technical details, affected versions, and references to proof-of-concept files but does not include executable exploit code.

Description

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.

Exploits (1)

exploitdb WRITEUP

by Pedro Ribeiro · textlocalmultiple

https://www.exploit-db.com/exploits/43887

View Code ZIP pw:eip

The writeup describes two vulnerabilities (CVE-2014-8146 and CVE-2014-8147) in the ICU library, including a heap overflow and an integer overflow. It provides technical details, affected versions, and references to proof-of-concept files but does not include executable exploit code.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: ICU library versions 52 to 54

No auth needed

Prerequisites: Vulnerable version of ICU library (52-54) · Application using the ICU library (e.g., LibreOffice)

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16

Core References

Exploit x_refsource_misc

https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Patch x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201507-04

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/602540

Third Party Advisory x_refsource_confirm

https://support.apple.com/HT205267

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2015/May/14

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2015/05/05/6

Third Party Advisory x_refsource_confirm

https://support.apple.com/HT205213

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74457

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3323

Issue Tracking, Vendor Advisory x_refsource_confirm

http://bugs.icu-project.org/trac/changeset/37080

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Vendor Advisory x_refsource_misc

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E

Scores

EPSS 0.2318

EPSS Percentile 97.5%

Details

CWE

CWE-189

Status published

Products (3)

apple/mac_os_x < 10.10.4

apple/watchos < 1.0.1

icu-project/international_components_for_unicode < 55.1

Published May 25, 2015

Tracked Since Feb 18, 2026