Mandriva Linux Security Advisory 2015-017 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.
37d784031ae48e29994057c675fed2574429ffa8db1c8f64699b2756dfbdeb52