{"id":"USN-3274-1","summary":"icu vulnerabilities","details":"It was discovered that ICU incorrectly handled certain memory operations\nwhen processing data. If an application using ICU processed crafted data,\na remote attacker could possibly cause it to crash or potentially execute\narbitrary code with the privileges of the user invoking the program.\n","modified":"2026-04-22T09:35:10.224245Z","published":"2017-05-02T18:23:41Z","related":["UBUNTU-CVE-2017-7867","UBUNTU-CVE-2017-7868"],"upstream":["CVE-2017-7867","CVE-2017-7868","UBUNTU-CVE-2017-7867","UBUNTU-CVE-2017-7868"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3274-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-7867"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-7868"}],"affected":[{"package":{"name":"icu","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/icu@52.1-3ubuntu0.6?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.1-3ubuntu0.6"}]}],"versions":["4.8.1.1-12ubuntu2","4.8.1.1-13+nmu1","4.8.1.1-13+nmu1ubuntu1","52.1-3","52.1-3ubuntu0.2","52.1-3ubuntu0.3","52.1-3ubuntu0.4","52.1-3ubuntu0.5"],"ecosystem_specific":{"binaries":[{"binary_version":"52.1-3ubuntu0.6","binary_name":"icu-devtools"},{"binary_version":"52.1-3ubuntu0.6","binary_name":"libicu52"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3274-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-7867"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-7868"}],"ecosystem":"Ubuntu:14.04:LTS"}}},{"package":{"name":"icu","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/icu@55.1-7ubuntu0.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"55.1-7ubuntu0.2"}]}],"versions":["55.1-4ubuntu1","55.1-6ubuntu1","55.1-7","55.1-7ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"55.1-7ubuntu0.2","binary_name":"icu-devtools"},{"binary_version":"55.1-7ubuntu0.2","binary_name":"libicu55"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3274-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-7867"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-7868"}],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.5"}