{"id":"CVE-2017-14952","details":"Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \"redundant UVector entry clean up function call\" issue.","modified":"2026-04-16T06:15:57.723543074Z","published":"2017-10-16T16:29:00.887Z","related":["SUSE-SU-2018:1401-1","SUSE-SU-2018:1401-2","SUSE-SU-2018:1602-1"],"references":[{"type":"ADVISORY","url":"http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"FIX","url":"http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/unicode-org/icu","events":[{"introduced":"0"},{"last_affected":"906906c3d9ba7f5292ed0b44a017fe16e0440aea"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"59.1"}]}}],"versions":["last-cvs-commit","milestone-59-0-1","release-59-1","release-59-rc"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14952.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}