{"id":"USN-2522-1","summary":"icu vulnerabilities","details":"It was discovered that ICU incorrectly handled memory operations when\nprocessing fonts. If an application using ICU processed crafted data, an\nattacker could cause it to crash or potentially execute arbitrary code with\nthe privileges of the user invoking the program. This issue only affected\nUbuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,\nCVE-2013-2419)\n\nIt was discovered that ICU incorrectly handled memory operations when\nprocessing fonts. If an application using ICU processed crafted data, an\nattacker could cause it to crash or potentially execute arbitrary code with\nthe privileges of the user invoking the program. (CVE-2014-6585,\nCVE-2014-6591)\n\nIt was discovered that ICU incorrectly handled memory operations when\nprocessing regular expressions. If an application using ICU processed\ncrafted data, an attacker could cause it to crash or potentially execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)\n\nIt was discovered that ICU collator implementation incorrectly handled\nmemory operations. If an application using ICU processed crafted data, an\nattacker could cause it to crash or potentially execute arbitrary code with\nthe privileges of the user invoking the program. (CVE-2014-7940)\n","modified":"2026-04-22T09:08:49.183284Z","published":"2015-03-05T13:31:51Z","related":["UBUNTU-CVE-2014-6585","UBUNTU-CVE-2014-6591","UBUNTU-CVE-2014-7923","UBUNTU-CVE-2014-7926","UBUNTU-CVE-2014-7940","UBUNTU-CVE-2014-9654"],"upstream":["CVE-2013-1569","CVE-2013-2383","CVE-2013-2384","CVE-2013-2419","CVE-2014-6585","CVE-2014-6591","CVE-2014-7923","CVE-2014-7926","CVE-2014-7940","CVE-2014-9654","UBUNTU-CVE-2013-1569","UBUNTU-CVE-2013-2383","UBUNTU-CVE-2013-2384","UBUNTU-CVE-2013-2419","UBUNTU-CVE-2014-6585","UBUNTU-CVE-2014-6591","UBUNTU-CVE-2014-7923","UBUNTU-CVE-2014-7926","UBUNTU-CVE-2014-7940","UBUNTU-CVE-2014-9654"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2522-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-1569"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-2383"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-2384"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-2419"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6585"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6591"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-7923"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-7926"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-7940"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9654"}],"affected":[{"package":{"name":"icu","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/icu@52.1-3ubuntu0.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.1-3ubuntu0.2"}]}],"versions":["4.8.1.1-12ubuntu2","4.8.1.1-13+nmu1","4.8.1.1-13+nmu1ubuntu1","52.1-3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"52.1-3ubuntu0.2","binary_name":"icu-devtools"},{"binary_version":"52.1-3ubuntu0.2","binary_name":"libicu52"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-6585"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-6591"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-7923"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-7926"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-7940"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-9654"}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2522-1.json"}}],"schema_version":"1.7.5"}