Charles Fol discovered that the iconv() function in the GNU C library is prone to a buffer overflow vulnerability when converting strings to the ISO-2022-CN-EXT character set, which may lead to denial of service (application crash) or the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5673-1