[v3.0] icu: multiple issues (CVE-2014-8146, CVE-2014-8147)
CVE-2014-8146: A heap overflow was found in ICU’s isolateCount which, under certain circumstances, is incremented too many times, resulting in several out of bounds writes.
Upstream commit: http://bugs.icu-project.org/trac/changeset/37162
CVE-2014-8147: An integer overflow was found in ICU’s
resolveImplicitLevels function. The overflow causes an error when
performing a malloc on pBiDiinsertPoints>points because
insertPoints is adjacent in memory to isolates[].
Upstream commit: http://bugs.icu-project.org/trac/changeset/37080
Both fixed in ICU 55.1.
Additional details:
https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt
https://bugzilla.redhat.com/show\_bug.cgi?id=1176197
https://bugzilla.redhat.com/show\_bug.cgi?id=1176200
(from redmine: issue id 4244, created on 2015-05-22, closed on 2017-05-17)
- Relations:
- parent #4241 (closed)
- Changesets:
- Revision cd87def9 by Natanael Copa on 2015-05-28T06:35:53Z:
main/icu: security fix for CVE-2014-8146 and CVE-2014-8147
fixes #4244