INFSA-2025:11888: icu security update

Information about definition

Identifier: INFSA-2025:11888

Type: security

Release date: 2025-07-31 16:15:39 UTC

Information about package

The International Components for Unicode (ICU) library provides robust and full-featured Unicode services.

Vulnerabilities description

  • CVE-2025-5222

    A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

Severity level

CVE                  | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0
NIST — CVE-2025-5222 | no information | 7.0            | no information
Critical, important, moderate, low

Updated packages