International Components for Unicode (ICU) for C/C++ has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
Created icu tracking bugs for this issue:
Affects: fedora-all [bug 1444101]
Created mingw-icu tracking bugs for this issue:
Affects: epel-7 [bug 1444100]
Affects: fedora-all [bug 1444099]
This is the same vulnerability as CVE-2017-7867 (bug 1444097), though clusterfuzz identified it as different due to a slightly different stack trace when the crash occurred. Both are addressed by the same patch upstream, which correctly accounts for legacy 6-byte utf8 sequences.
*** This bug has been marked as a duplicate of bug 1444097 ***
This flaw was found to be a duplicate of CVE-2017-7867. Please see https://access.redhat.com/security/cve/CVE-2017-7867 for information about affected products and security errata.