CVE-2014-7940
EPSS 2.4%
Description
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.
How to fix CVE-2014-7940
To remediate CVE-2014-7940, upgrade the affected package to a fixed version below.
- Debian/icu: upgrade to 52.1-7.1 or later
Is CVE-2014-7940 being exploited?
Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/icu: versions from 0, < 52.1-7.1