icu: Uninitialized memory read fixed in Chrome 44.0.2403.89 (CVE-2015-1270)
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.
References
https://security-tracker.debian.org/tracker/CVE-2015-1270
http://bugs.icu-project.org/trac/ticket/11696
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1270
Patch
http://bugs.icu-project.org/trac/changeset/37486/
(from redmine: issue id 4677, created on 2015-09-29, closed on 2015-10-12)
- Relations:
  - child #4678 (closed)
  - child #4679 (closed)
  - child #4680 (closed)
  - child #4681 (closed)
  - child #4682 (closed)
- Changesets:
  - Revision 4979be8d by Natanael Copa on 2015-10-12T07:39:43Z:
    main/icu: security fix for CVE-2015-1270
    ref #4677
    fixes #4678
  - Revision fb88495e by Natanael Copa on 2015-10-12T07:41:10Z:
    main/icu: security fix for CVE-2015-1270
    ref #4677
    fixes #4679
  - Revision 6a31b73a by Natanael Copa on 2015-10-12T07:54:22Z:
    main/icu: security fix for CVE-2015-1270
    ref #4677
    fixes #4680
  - Revision 5822bc38 by Natanael Copa on 2015-10-12T11:08:30Z:
    main/icu: security fix for CVE-2015-1270
    ref #4677
    fixes #4681
  - Revision e86e3078 by Natanael Copa on 2015-10-12T11:09:30Z:
    main/icu: security fix for CVE-2015-1270
    ref #4677
    fixes #4682