Question about CVE-2025-5222

Biedrzycki, Filip

Nov 25, 2025, 10:46:10 AM
to icu-s...@unicode.org
Hi All,

Was ICU4J affected by CVE-2025-5222, or does it affect ICU4C only?
After some research I didn't find any definitive answer.

Best regards,
Filip Biedrzycki

Markus Scherer

Nov 25, 2025, 12:48:10 PM
to Biedrzycki, Filip, icu-s...@unicode.org
On Tue, Nov 25, 2025 at 7:46 AM 'Biedrzycki, Filip' via icu-support <icu-s...@unicode.org> wrote:
Was ICU4J affected by CVE-2025-5222, or does it affect ICU4C only?

Neither, really.

It's a buffer overflow in an offline, build-time tool (genrb). These tools don't have the kind of production-level runtime code that the libraries do.

markus