On 11/23/2009 08:37 PM, Les Mikesell wrote: > > Wasn't the last bug found and fixed 5 or 6 years ago? > No. Earlier this year there was a heap overflow found that may allow arbitrary code execution: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1490