Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-5222 PoC — Icu: stack buffer overflow in the srbroot::addtag function

Source
https://github.com/berkley4/icu-74-debian
Associated Vulnerability
Title:Icu: stack buffer overflow in the srbroot::addtag function (CVE-2025-5222)
Description:A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
Description
Debian build files for icu 74.2 with a patch to fix CVE-2025-5222
Readme
# icu-74-debian
Debian build files for icu 74.2 with a patch to fix CVE-2025-5222

You need to download and extract [icu_74.2.orig.tar.gz](https://snapshot.debian.org/archive/debian/20231215T150950Z/pool/main/i/icu/icu_74.2.orig.tar.gz) to set up your source tree.

Clone this repo somewhere with the following command :-

```
git clone https://github.com/berkley4/icu-74-debian
```

Copy the debian folder from the cloned repo to your icu source directory, eg :-

```
cp -a icu-74-debian/debian icu/
```

Change into the icu source tree and start building the icu deb files :-

```
cd icu

DEB_BUILD_MAINT_OPTIONS=abi=+time64 dpkg-buildpackage -b -uc
```

End users, eg those who have downloaded my ungoogled chromium debs, need to install :-

libicu74_74.2-1_amd64.deb


Builders need to install the following debs :-

libicu74_74.2-1_amd64.deb
libicu-dev_74.2-1_amd64.deb
icu-devtools_74.2-1_amd64.deb
File Snapshot

 [4.0K]  /data/pocs/ecc63429c088dbf0fa4fd054dd2d4615e0f4b83f
├── [4.0K]  debian
│   ├── [ 43K]  changelog
│   ├── [ 122]  clean
│   ├── [2.2K]  control
│   ├── [2.2K]  copyright
│   ├── [ 912]  fix_substvars.pl
│   ├── [ 198]  icu-devtools.install
│   ├── [ 358]  icu-doc.doc-base
│   ├── [  45]  icu-doc.install
│   ├── [ 150]  libicu74.install
│   ├── [ 345]  libicu74.lintian-overrides
│   ├── [ 210]  libicu74.shlibs
│   ├── [ 100]  libicu-dev.install
│   ├── [  75]  libicu-dev.lintian-overrides
│   ├── [4.0K]  patches
│   │   ├── [ 874]  broken_LICENSE.patch
│   │   ├── [7.3K]  ICU-22973.patch
│   │   ├── [ 641]  icudata-stdlibs.patch
│   │   └── [  59]  series
│   ├── [ 830]  README.source
│   ├── [2.5K]  rules
│   ├── [4.0K]  source
│   │   ├── [  12]  format
│   │   └── [ 110]  lintian-overrides
│   ├── [4.0K]  tests
│   │   ├── [ 214]  build-test
│   │   ├── [ 161]  control
│   │   ├── [ 176]  smoke
│   │   └── [ 24K]  ustring.cpp
│   ├── [4.0K]  upstream
│   │   └── [ 59K]  signing-key.asc
│   └── [ 283]  watch
└── [ 905]  README.md

5 directories, 28 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →