Skip to main content

Double Free

CVE-2017-14952

Severity High
Score 9.8/10

Summary

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ prior to 58.3 and 59.2 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-415 - Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Advisory Timeline

  • Published