CVE-2014-7940

Published: 22 January 2015

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.

Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
Upstream
Released (40.0.2214.91)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (40.0.2214.94-0ubuntu1.1120)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [40.0.2214.94-0ubuntu0.14.04.1.1068])
icu
Launchpad, Ubuntu, Debian
Upstream
Released (52.1-7.1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(52.1-7.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (52.1-3ubuntu0.2)
Patches:
Other: https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075
Other: https://chromium.googlesource.com/chromium/deps/icu/+/a626a75aad2675254073366fcaa9465dacf17100
Other: https://chromium.googlesource.com/chromium/deps/icu/+/a626a75aad2675254073366fcaa9465dacf17100/patches/col.patch
oxide-qt
Launchpad, Ubuntu, Debian
Upstream
Released (1.4.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.4.2-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.4.2-0ubuntu0.14.04.1])