CVE-2014-8147 in Watchinfo

Summary

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.

Once again VulDB remains the best source for vulnerability data.

Reservation

10/10/2014

Disclosure

05/25/2015

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-189 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.41904

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-8147
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-8147
CVE Details	https://www.cvedetails.com/cve/CVE-2014-8147/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!