CVE-2025-5222
Published: 05/27/2025 21:15:23
A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
HIGH
CVSS v3: 7
CVSS v3: 7
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 25.3 | international_components_for_unicode (58.1) | Not Affected | Code Not Present | Vulnerability exists in genrb CLI tool build process, not in the ICU library itself. Document Filters does not use the genrb binary or the affected parsing code during runtime operation. |
| 25.2 | international_components_for_unicode (58.1) | Needs Triage | ||
| 25.1.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 25.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 24.4 | international_components_for_unicode (58.1) | Needs Triage | ||
| 24.4.0 | international_components_for_unicode (58.1) | Needs Triage | ||
| 24.3 | international_components_for_unicode (58.1) | Needs Triage | ||
| 24.2.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 24.2 | international_components_for_unicode (58.1) | Needs Triage | ||
| 24.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 23.3 | international_components_for_unicode (58.1) | Needs Triage | ||
| 23.2.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 23.2 | international_components_for_unicode (58.1) | Needs Triage | ||
| 23.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 22.4 | international_components_for_unicode (58.1) | Needs Triage | ||
| 22.3 | international_components_for_unicode (58.1) | Needs Triage | ||
| 22.2 | international_components_for_unicode (58.1) | Needs Triage | ||
| 22.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 21.11.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 21.11 | international_components_for_unicode (58.1) | Needs Triage | ||
| 21.8.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 21.8 | international_components_for_unicode (58.1) | Needs Triage | ||
| 21.5.1 | international_components_for_unicode (58.1) | Needs Triage | ||
| 21.5.0 | international_components_for_unicode (58.1) | Needs Triage | ||
| 21.2.0 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.20 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.19.3667 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.18.3599 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.17 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.16.3445 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.15.3368 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.14.3263 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.13.3179 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.12.3054 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.11.3040 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.11.2990 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.10.2934 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.9.2878 | international_components_for_unicode (58.1) | Needs Triage | ||
| 11.4.8.2822 | international_components_for_unicode (58.1) | Needs Triage |
Severity score breakdown
Attack Complexity
HIGH
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
7
Base Severity
HIGH
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Version
3.1