LZO is an extremely fast compression and decompression library
LZO is vulnerable to an integer overflow condition in the “lzo1x_decompress_safe” function which could result in a possible buffer overrun when processing maliciously crafted compressed input data.
A remote attacker could send specially crafted compressed input data possibly resulting in a Denial of Service condition or arbitrary code execution.
There is no known workaround at this time.
All LZO users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/lzo-2.08"