10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.026 Low
EPSS
Percentile
88.9%
Several vulnerabilities were discovered in the International Components
for Unicode (ICU) library.
Additionally, it was discovered that the patch applied to ICU in DSA-3187-1
for CVE-2014-6585 was incomplete, possibly leading to an invalid memory
access. This could allow remote attackers to disclose portion of private
memory via crafted font files.
For the oldstable distribution (wheezy), these problems have been fixed
in version 4.8.1.1-12+deb7u3.
For the stable distribution (jessie), these problems have been fixed in
version 52.1-8+deb8u2.
For the testing distribution (stretch), these problems have been fixed
in version 52.1-10.
For the unstable distribution (sid), these problems have been fixed in
version 52.1-10.
We recommend that you upgrade your icu packages.