A heap-based buffer overflow flaw was found in the way the libtasn1
library decoded certain DER-encoded input. A specially crafted,
DER-encoded input could cause an application using libtasn1 to perform
an invalid read, causing the application to crash or, possibly, execute
arbitrary code.
The heap overflow happens in the function _asn1_extract_der_octet() that
is called during decoding of DER-encoded input.