[libicu] [CVE-2007-4770] [CVE-2007-4771] potential execution of arbitrary code via malformed regular expressions
Bug #186578 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
icu (Debian) |
Fix Released
|
Unknown
|
|||
icu (Fedora) |
Fix Released
|
High
|
|||
icu (Gentoo Linux) |
Fix Released
|
High
|
|||
icu (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Edgy |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Feisty |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Gutsy |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Hardy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: libicu36
References:
MDVSA-2008:026 (http://
Quoting:
"Will Drewry reported multiple flaws in how libicu processed certain
malformed regular expressions. If an application linked against
libicu, such as OpenOffice.org, processed a carefully-crafted regular
expression, it could potentially cause the execution of arbitrary
code with the privileges of the user running the application."
Changed in icu: | |
status: | Unknown → Fix Released |
Changed in icu: | |
status: | Unknown → Fix Released |
Changed in icu: | |
status: | Unknown → Fix Released |
Changed in icu (Gentoo Linux): | |
importance: | Unknown → High |
Changed in icu (Fedora): | |
importance: | Unknown → High |
To post a comment you must log in.
Will Drewry reported a flaw in the way libicu processes certain regular
expressions. He reports:
On regular expression compilation, illegal backreferences may refer to the
non-existent capture group '0'. When these are builts, they will result
in corrupt REStackFrames which will be used at a later point. Crashes may
result in out of band reads or writes depending on the regular expression
being executed.