icu: multiple issues (CVE-2014-8146, CVE-2014-8147)
CVE-2014-8146: A heap overflow was found in ICU’s isolateCount which, under certain circumstances, is incremented too many times, resulting in several out of bounds writes.
Upstream commit: http://bugs.icu-project.org/trac/changeset/37162
CVE-2014-8147: An integer overflow was found in ICU’s
resolveImplicitLevels function. The overflow causes an error when
performing a malloc on pBiDiinsertPoints>points because
insertPoints is adjacent in memory to isolates[].
Upstream commit: http://bugs.icu-project.org/trac/changeset/37080
Both fixed in ICU 55.1.
Additional details:
https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt
https://bugzilla.redhat.com/show\_bug.cgi?id=1176197
https://bugzilla.redhat.com/show\_bug.cgi?id=1176200
(from redmine: issue id 4241, created on 2015-05-22, closed on 2015-05-28)
- Relations:
- child #4242 (closed)
- child #4243 (closed)
- child #4244 (closed)
- child #4245 (closed)