CVE-2017-14952

Published: 16 October 2017

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
icu
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (55.1-7ubuntu0.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (52.1-3ubuntu0.7)