CVE-2018-18928 - Denial of Service

Severity: Medium2021-08-25

Abstract

International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.

Affected Products/Versions

Product	Severity	Fixed Release Availability
Oxygen XML Editor 23.1 and older versions	Medium	Oxygen XML Editor 23.1 build 2021082307
Oxygen XML Developer 23.1 and older versions	Medium	Oxygen XML Developer 23.1 build 2021082307
Oxygen XML Author 23.1 and older versions	Medium	Oxygen XML Author 23.1 build 2021082307

Mitigation

None

Detail

CVE-2018-18928

Severity: Critical

CVSS Score: 9.8

The International Components for Unicode (ICU) package used by Oxygen XML software products is an affected version mentioned in CVE-2018-18928 vulnerability description.

Starting with version 23.1 build 2021082307, the International Components for Unicode (ICU) package was updated to version 69.1, which includes a fix for this vulnerability.

List of Security Advisories

Oxygen XML Editor
Starting from
Academic $6/month
Personal $240
Business $942

Video Tutorials

Upcoming Events

Balisage: The Markup Conference 2024

CVE-2018-18928 - Denial of Service

Abstract

Affected Products/Versions

Mitigation

Detail

Products

Features

Shop

Resources

Support

Company