Ubuntu Security Notice 994-1 - It was discovered that libHX incorrectly handled certain parameters to the HX_split function. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with the privileges of the user. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
275890f0f136de929b2c261461dd577bcab95fd6eca3d4d0a8a9de2964a27a1b
Mandriva Linux Security Advisory 2010-165 - Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service via a string that is inconsistent with the expected number of fields. The updated packages have been patched to correct this issue.
7c17832ce2648dd5df2b0c1c15a0b95e4de8654ea3c56acabf9bf515866c5190