CVE-2015-2059

EPSS 0.83%

libidn - security update

Published: 8/12/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-2059

Description

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.

Affected packages (4)

Debian/libidnfrom 0, < 1.31-1
Debian/libidnfrom 0, < 1.15-2+deb6u1
Debian/libidnfrom 0, < 1.25-2+deb7u1
Debian/libidnfrom 0, < 1.29-1+deb8u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-2059