10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
89.7%
Package : icu
Version : 4.4.1-8+squeeze4
CVE ID : CVE-2015-4760
A vulnerability has been found in the International Components
for Unicode (ICU) library:
CVE-2015-4760
It was discovered that ICU Layout Engine was missing multiple
boundary checks. These could lead to buffer overflows and memory
corruption. A specially crafted file could cause an application
using ICU to parse untrusted font files to crash and, possibly,
execute arbitrary code.
For the squeeze distribution, these issues have been fixed in version
4.4.1-8+squeeze4 of icu.
We recommend to upgrade your icu packages.
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | arm64 | openjdk-7-jre-headless | < 7u79-2.5.6-1~deb8u1 | openjdk-7-jre-headless_7u79-2.5.6-1~deb8u1_arm64.deb |
Debian | 7 | ia64 | libicu48 | < 4.8.1.1-12+deb7u3 | libicu48_4.8.1.1-12+deb7u3_ia64.deb |
Debian | 8 | all | openjdk-7-doc | < 7u79-2.5.6-1~deb8u1 | openjdk-7-doc_7u79-2.5.6-1~deb8u1_all.deb |
Debian | 8 | armel | openjdk-7-dbg | < 7u79-2.5.6-1~deb8u1 | openjdk-7-dbg_7u79-2.5.6-1~deb8u1_armel.deb |
Debian | 8 | armel | icu-devtools | < 52.1-8+deb8u2 | icu-devtools_52.1-8+deb8u2_armel.deb |
Debian | 6 | amd64 | openjdk-6-jdk | < 6b36-1.13.8-1~deb6u1 | openjdk-6-jdk_6b36-1.13.8-1~deb6u1_amd64.deb |
Debian | 7 | armhf | openjdk-6-dbg | < 6b36-1.13.8-1~deb7u1 | openjdk-6-dbg_6b36-1.13.8-1~deb7u1_armhf.deb |
Debian | 8 | kfreebsd-amd64 | openjdk-7-jre-zero | < 7u79-2.5.6-1~deb8u1 | openjdk-7-jre-zero_7u79-2.5.6-1~deb8u1_kfreebsd-amd64.deb |
Debian | 7 | sparc | libicu48 | < 4.8.1.1-12+deb7u3 | libicu48_4.8.1.1-12+deb7u3_sparc.deb |
Debian | 7 | s390x | openjdk-7-jre-headless | < 7u79-2.5.6-1~deb7u1 | openjdk-7-jre-headless_7u79-2.5.6-1~deb7u1_s390x.deb |