iDefense Lab security researchers discovered that the expressions computing the parameters for ALLOCATE_LOCAL() in those functions are using client-provided value in an expression that is subject to integer overflows, which could lead to memory corruption.
Linux Reviews, News and HowTo Guides