CVE-2017-7867
HIGHInternational Components for Unicode < 58.2 - Out-of-bounds Write via utf8TextAccess Function
Title source: llmDescription
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
References (6)
Core 6
Core References
Patch x_refsource_misc
http://bugs.icu-project.org/trac/changeset/39671
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3830
Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201710-03
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97672
Vendor Advisory x_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Scores
CVSS v3
7.5
EPSS
0.0463
EPSS Percentile
90.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (2)
debian/debian_linux
8.0
icu-project/international_components_for_unicode
< 58.2
Published
Apr 14, 2017
Tracked Since
Feb 18, 2026