CVE-2015-1270

EPSS 1.2%

icu - security update

Published: 7/23/2015Modified: 4/28/2026

Description

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.

Affected packages (2)

Debian/icufrom 0, < 55.1-5
Debian/icufrom 0, < 52.1-8+deb8u3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-1270