Debian Security Advisory DSA 508-1 - Jaguar discovered a vulnerability in one component of xpcd, a PhotoCD viewer. xpcd-svga, part of xpcd which uses svgalib to display graphics on the console, would copy user-supplied data of arbitrary length into a fixed-size buffer in the pcd_open function.
933ad9aa3641a27d6c66de69c8de545087b7ec673c070c7da435f57c70450c89