CVE-2007-4770

Publication date 29 January 2008

Last updated 24 July 2024

Ubuntu priority

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
icu	7.10 gutsy	Fixed 3.6-3ubuntu0.1
	7.04 feisty	Fixed 3.6-2ubuntu0.1
	6.10 edgy	Fixed 3.4.1a-1ubuntu1.6.10.1
	6.06 LTS dapper	Fixed 3.4.1a-1ubuntu1.6.06.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
icu	Vendor: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:026 Vendor: https://rhn.redhat.com/errata/RHSA-2008-0090.html Vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463688 Other: http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com

CVE-2007-4770

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references