CVE-2014-8146
icu - security update
EPSS 25.8%
Description
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
How to fix CVE-2014-8146
To remediate CVE-2014-8146, upgrade the affected package to a fixed version below.
- Debian/icu—upgrade to 52.1-9 or later
- Debian/icu—upgrade to 4.8.1.1-12+deb7u3 or later
Is CVE-2014-8146 being exploited?
Moderate — EPSS is 25.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 52.1-9
- from 0, < 4.8.1.1-12+deb7u3