Mandriva Linux Security Advisory 2014-168 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. The x11vnc packages is now build against the system libvncserver library to avoid security issues in the bundled copy. The icecream packages is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.
250c81914e24825853b855493501760094ef441b094b49344065f2078e67daa7