CVE-2015-1270

Published: 22 July 2015

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.

Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
Upstream
Released (44.0.2403.89)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [44.0.2403.89-0ubuntu0.14.04.1.1095])
Patches:
Upstream: https://chromium.googlesource.com/chromium/deps/icu/+/f1ad7f9ba957571dc692ea3e187612c685615e19
icu
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr)
Released (52.1-3ubuntu0.4)
Patches:
Upstream: http://bugs.icu-project.org/trac/changeset/37486
oxide-qt
Launchpad, Ubuntu, Debian
Upstream
Released (1.8.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.8.4-0ubuntu0.14.04.1])