Buffer and integer overflow vulnerabilities have been patched in the ICU Project ICU4C library, used in hundreds of open source and enterprise software packages.