CVE-2017-14952 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Critical
Remote	Yes
Type	Arbitrary code execution
Description	Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-507	lib32-icu	59.1-1	60.1-1	Critical	Fixed
AVG-504	icu	59.1-1	60.1-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
20 Nov 2017	ASA-201711-26	AVG-507	lib32-icu	Critical	arbitrary code execution
19 Nov 2017	ASA-201711-25	AVG-504	icu	Critical	arbitrary code execution

References
http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/ http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp