CVE-2014-7940

🗓️ 22 Jan 2015 22:00:00Reported by ChromeType

The collator implementation in ICU 52 through SVN rev 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, leading to denial of service or other impact via a crafted character sequence

Reporter	Title	Published	Views	Family All 82
ArchLinux	chromium: multiple issues	25 Jan 201500:00	–	archlinux
CNVD	Google Chrome ICU Uninitialization Vulnerability	26 Jan 201500:00	–	cnvd
Cvelist	CVE-2014-7940	22 Jan 201522:00	–	cvelist
Debian	[SECURITY] [DLA 219-1] icu security update	14 May 201509:45	–	debian
Debian	[SECURITY] [DSA 3187-1] icu security update	15 Mar 201505:02	–	debian
Debian	[SECURITY] [DSA 3187-1] icu security update	15 Mar 201505:02	–	debian
Debian CVE	CVE-2014-7940	22 Jan 201522:00	–	debiancve
Tenable Nessus	Debian DLA-219-1 : icu security update	15 May 201500:00	–	nessus
Tenable Nessus	Debian DSA-3187-1 : icu - security update	17 Mar 201500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : icu (EulerOS-SA-2019-2159)	12 Nov 201900:00	–	nessus

NVD

Node

google chromeRange≤40.0.2214.85

Node

icu-project international_components_for_unicodeRange≤52.1c/c++

Source	Link
googlechromereleases	www.googlechromereleases.blogspot.com/2015/01/stable-update.html
ubuntu	www.ubuntu.com/usn/USN-2476-1
advisories	www.advisories.mageia.org/MGASA-2015-0047.html
securityfocus	www.securityfocus.com/bid/72288
secunia	www.secunia.com/advisories/62575
security	www.security.gentoo.org/glsa/glsa-201502-13.xml
securitytracker	www.securitytracker.com/id/1031623
chromium	www.chromium.googlesource.com/chromium/src.git/+/87feb77547781a22b31c423bc0d57b7dca32d5b8
lists	www.lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
rhn	www.rhn.redhat.com/errata/RHSA-2015-0093.html

06 May 2026 22:30Current

9.4High risk

Vulners AI Score9.4

CVSS 27.5

EPSS0.02423

CWE-399