CVE-2007-4770

EPSS 3.7%

icu - multiple problems

Published: 1/29/2008Modified: 4/28/2026

Description

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

Affected packages (2)

Debian/icufrom 0, < 3.8-6
Debian/icufrom 0, < 3.6-2etch1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-4770