The stringpreputf8to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libidn11": "1.28-1ubuntu2.1", "idn-dbgsym": "1.28-1ubuntu2.1", "libidn11-java": "1.28-1ubuntu2.1", "idn": "1.28-1ubuntu2.1", "libidn11-dbgsym": "1.28-1ubuntu2.1", "libidn11-dev": "1.28-1ubuntu2.1" } ] }