CVE-2007-4770 : libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

Published 2008-01-29 00:00:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-4770

Icu-project » International Components For Unicode » For C/c++
Versions up to, including, (<=) 3.8.1
cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-4770

EPSS FAQ

2.97%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-4770

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2007-4770

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-4770

http://secunia.com/advisories/29333

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com

Page not found - SourceForge.net
Broken Link;Patch;Third Party Advisory

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2008_23_openoffice.html

404 Page Not Found | SUSE
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/29291

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://secunia.com/advisories/28615

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1

Broken Link

CVEs referencing this url
http://secunia.com/advisories/28783

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2008-0090.html

RHSA-2008:0090 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0807/references

Site en construction
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/29910

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200805-16.xml

OpenOffice.org: Multiple vulnerabilities (GLSA 200805-16) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.html

[SECURITY] Fedora 7 Update: icu-3.6-20.fc7
Third Party Advisory

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200803-20.xml

International Components for Unicode: Multiple vulnerabilities (GLSA 200803-20) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/usn-591-1

USN-591-1: libicu vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/29294

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5507

404 Not Found
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1375/references

Site en construction
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

[security-announce] SUSE Security Summary Report SUSE-SR:2008:005 - openSUSE Security Announce - openSUSE Mailing Lists
Third Party Advisory

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.html

[SECURITY] Fedora 8 Update: icu-3.8-5.fc8
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/487677/100/0/threaded

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/39938

Third Party Advisory;VDB Entry
http://secunia.com/advisories/28575

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://secunia.com/advisories/29852

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://securitytracker.com/id?1019269

Access Denied
Third Party Advisory;VDB Entry

CVEs referencing this url
http://secunia.com/advisories/28669

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://www.openoffice.org/security/cves/CVE-2007-5745.html

CVE-2007-5745/5747
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/29987

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://secunia.com/advisories/30179

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://www.openoffice.org/security/cves/CVE-2007-4770.html

CVE-2007-4770/4771
Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2008/dsa-1511

[SECURITY] [DSA 1511-1] New libicu packages fix multiple problems
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/29242

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=429023

429023 – (CVE-2007-4770) CVE-2007-4770 libicu poor back reference validation
Issue Tracking;Third Party Advisory
http://secunia.com/advisories/29194

About Secunia Research | Flexera
Permissions Required

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1

Broken Link

CVEs referencing this url
http://www.securityfocus.com/bid/27455

Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2008:026

Mandriva
Broken Link

CVEs referencing this url
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043

Third Party Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11172

404 Not Found
Third Party Advisory
https://issues.rpath.com/browse/RPL-2199

Third Party Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0282

Site en construction
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2007-4770

Products affected by CVE-2007-4770

Exploit prediction scoring system (EPSS) score for CVE-2007-4770

CVSS scores for CVE-2007-4770

CWE ids for CVE-2007-4770

References for CVE-2007-4770