glibc qsort() Out-Of-Bounds Read / Write Exploit

Qualys discovered a memory corruption in the glibc's qsort function, due to a missing bounds check. To be vulnerable, a program must call qsort with a nontransitive comparison function a function cmpint a, int b that returns a - b, for example and with a large number of attacker-controlled elemen...