CVE-2011-4599

EPSS 24.1%

icu - buffer underflow

Published: 6/21/2012Modified: 4/28/2026

Description

Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.

Affected packages (2)

Debian/icufrom 0, < 4.8.1.1-3
Debian/icufrom 0, < 4.4.1-8

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-4599