Package details: pkg:deb/debian/icu@63.1-6%2Bdeb10u3
purl pkg:deb/debian/icu@63.1-6%2Bdeb10u3
Next non-vulnerable version 72.1-3
Latest non-vulnerable version 72.1-3
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-8axv-ehyu-zqav
Aliases:
CVE-2020-10531
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
67.1-7
Affected by 1 other vulnerability.
VCID-saxq-p7en-gyet
Aliases:
CVE-2025-5222
A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
72.1-3
Affected by 0 other vulnerabilities.
VCID-ywmu-5nne-1qdj
Aliases:
CVE-2020-21913
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
67.1-7
Affected by 1 other vulnerability.
VCID-yxtk-z76x-9qc2
Aliases:
CVE-2021-30535
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
67.1-7
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-7uxp-cx7j-9ka3 Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-15422
VCID-8axv-ehyu-zqav An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. CVE-2020-10531
VCID-vu9x-gy3f-fkes CVE-2017-14952
VCID-xvtf-unp2-xudm International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. CVE-2018-18928
VCID-ywmu-5nne-1qdj International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. CVE-2020-21913

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T20:15:12.718525+00:00 Debian Oval Importer Fixing VCID-vu9x-gy3f-fkes https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T18:17:56.900923+00:00 Debian Oval Importer Affected by VCID-yxtk-z76x-9qc2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T18:05:48.766957+00:00 Debian Oval Importer Affected by VCID-ywmu-5nne-1qdj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:42:26.784673+00:00 Debian Oval Importer Affected by VCID-saxq-p7en-gyet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:33:36.645843+00:00 Debian Oval Importer Fixing VCID-xvtf-unp2-xudm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:25:48.610171+00:00 Debian Oval Importer Affected by VCID-8axv-ehyu-zqav https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:58:25.345558+00:00 Debian Oval Importer Fixing VCID-7uxp-cx7j-9ka3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T11:39:43.891041+00:00 Debian Oval Importer Fixing VCID-8axv-ehyu-zqav https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0
2025-08-01T11:33:55.234267+00:00 Debian Oval Importer Fixing VCID-ywmu-5nne-1qdj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0