CVE-2007-4770

Name: CVE-2007-4770
Creator: NVD / NIST
Published: 2008-01-29T00:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.82%

Last modified Jun 16, 2026

CVE-2007-4770 is a vulnerability of currently unknown severity. libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.. EPSS estimates a 2.82% chance of exploitation in the next 30 days.

Description

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

Metrics

EPSS Probability

2.82%

84.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
Icu-Project	International Components For Unicode	<= 3.8.1

References

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2008-0090.htmlThird Party Advisory
http://secunia.com/advisories/28575Permissions Required
http://secunia.com/advisories/28615Permissions Required
http://secunia.com/advisories/28669Permissions Required
http://secunia.com/advisories/28783Permissions Required
http://secunia.com/advisories/29194Permissions Required
http://secunia.com/advisories/29242Permissions Required
http://secunia.com/advisories/29291Permissions Required
http://secunia.com/advisories/29294Permissions Required
http://secunia.com/advisories/29333Permissions Required
http://secunia.com/advisories/29852Permissions Required
http://secunia.com/advisories/29910Permissions Required
http://secunia.com/advisories/29987Permissions Required
http://secunia.com/advisories/30179Permissions Required
http://security.gentoo.org/glsa/glsa-200803-20.xmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-200805-16.xmlThird Party Advisory
http://securitytracker.com/id?1019269Third Party Advisory, VDB Entry
http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.comBroken Link, Patch, Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043Third Party Advisory
http://www.debian.org/security/2008/dsa-1511Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:026Broken Link
http://www.novell.com/linux/security/advisories/2008_23_openoffice.htmlThird Party Advisory
http://www.openoffice.org/security/cves/CVE-2007-4770.htmlThird Party Advisory
http://www.openoffice.org/security/cves/CVE-2007-5745.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/487677/100/0/threaded
http://www.securityfocus.com/bid/27455Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-591-1Third Party Advisory
http://www.vupen.com/english/advisories/2008/0282Third Party Advisory
http://www.vupen.com/english/advisories/2008/0807/referencesThird Party Advisory
http://www.vupen.com/english/advisories/2008/1375/referencesThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=429023Issue Tracking, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39938Third Party Advisory, VDB Entry
https://issues.rpath.com/browse/RPL-2199Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11172Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5507Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.htmlThird Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2008-0090.htmlThird Party Advisory
http://secunia.com/advisories/28575Permissions Required
http://secunia.com/advisories/28615Permissions Required
http://secunia.com/advisories/28669Permissions Required
http://secunia.com/advisories/28783Permissions Required
http://secunia.com/advisories/29194Permissions Required
http://secunia.com/advisories/29242Permissions Required
http://secunia.com/advisories/29291Permissions Required
http://secunia.com/advisories/29294Permissions Required
http://secunia.com/advisories/29333Permissions Required
http://secunia.com/advisories/29852Permissions Required
http://secunia.com/advisories/29910Permissions Required
http://secunia.com/advisories/29987Permissions Required
http://secunia.com/advisories/30179Permissions Required
http://security.gentoo.org/glsa/glsa-200803-20.xmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-200805-16.xmlThird Party Advisory
http://securitytracker.com/id?1019269Third Party Advisory, VDB Entry
http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.comBroken Link, Patch, Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043Third Party Advisory
http://www.debian.org/security/2008/dsa-1511Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:026Broken Link
http://www.novell.com/linux/security/advisories/2008_23_openoffice.htmlThird Party Advisory
http://www.openoffice.org/security/cves/CVE-2007-4770.htmlThird Party Advisory
http://www.openoffice.org/security/cves/CVE-2007-5745.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/487677/100/0/threaded
http://www.securityfocus.com/bid/27455Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-591-1Third Party Advisory
http://www.vupen.com/english/advisories/2008/0282Third Party Advisory
http://www.vupen.com/english/advisories/2008/0807/referencesThird Party Advisory
http://www.vupen.com/english/advisories/2008/1375/referencesThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=429023Issue Tracking, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39938Third Party Advisory, VDB Entry
https://issues.rpath.com/browse/RPL-2199Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11172Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5507Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.htmlThird Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.htmlThird Party Advisory

Timeline

Published: Jan 29, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-4770?

How severe is CVE-2007-4770?

Severity scoring for CVE-2007-4770 is pending analysis. The EPSS model estimates a 2.82% probability of exploitation in the next 30 days.

How do I fix CVE-2007-4770?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-4770?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST