Debian DSA-3187-1 : icu - security update

critical Nessus Plugin ID 81831
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 6


The remote Debian host is missing a security-related update.


Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

- CVE-2013-1569 Glyph table issue.

- CVE-2013-2383 Glyph table issue.

- CVE-2013-2384 Font layout issue.

- CVE-2013-2419 Font processing issue.

- CVE-2014-6585 Out-of-bounds read.

- CVE-2014-6591 Additional out-of-bounds reads.

- CVE-2014-7923 Memory corruption in regular expression comparison.

- CVE-2014-7926 Memory corruption in regular expression comparison.

- CVE-2014-7940 Uninitialized memory.

- CVE-2014-9654 More regular expression flaws.


Upgrade the icu packages.

For the stable distribution (wheezy), these problems have been fixed in version

For the upcoming stable (jessie) and unstable (sid) distributions, these problems have been fixed in version 52.1-7.1.

See Also

Plugin Details

Severity: Critical

ID: 81831

File Name: debian_DSA-3187.nasl

Version: 1.18

Type: local

Agent: unix

Published: 3/17/2015

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Critical

VPR Score: 6

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:icu, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2015

Reference Information

CVE: CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419, CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926, CVE-2014-7940, CVE-2014-9654

BID: 59131, 59166, 59179, 59190, 72173, 72175

DSA: 3187