CVE-2015-1270
icu - security update
EPSS 1.2%
Description
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.
How to fix CVE-2015-1270
To remediate CVE-2015-1270, upgrade the affected package to a fixed version below.
- Debian/icu—upgrade to 55.1-5 or later
- Debian/icu—upgrade to 52.1-8+deb8u3 or later
Is CVE-2015-1270 being exploited?
Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 55.1-5
- from 0, < 52.1-8+deb8u3