Posted by Pedro Ribeiro on May 05

tl;dr heap and integer overflows in ICU, many packages affected,
unknown if these can be exploited or not – everyone names vulns
nowadays, so I name these I-C-U-FAIL.

Hi,

I have found two vulnerabilities in the ICU library while fuzzing
LibreOffice, full details in the advisory below.
Disclosure of these was done initially to LibreOffice and then to
distro-security. I then reported it to Chromium, Android and finally
CERT, so I ended up…