Quoting Secunia from $URL:
A vulnerability has been reported in abcm2ps, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to an error within the "getarena()" function in abc2ps.c when allocating memory. This can be exploited to potentially cause a heap-based buffer overflow when converting a specially crafted ABC file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 5.9.13.
Sound: I see that we are several versions behind upstream and it's a leaf package. If you don't want to bump, please consider removal.
CVE request: [oss-security] CVE Request -- Abcm2ps v5.9.12 -- multiple unspecified vulnerabilities (From: Jan Lieskovsky <firstname.lastname@example.org>)
20 Aug 2010; Samuli Suominen <email@example.com> abcm2ps-5.9.15.ebuild:
amd64 stable wrt #322859
*abcm2ps-5.9.15 (20 Aug 2010)
20 Aug 2010; Samuli Suominen <firstname.lastname@example.org>
Version bump wrt #322859 by Alex Legler.
All arches done, add sound@ back if you need something ->
GLSA Request filed.
Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote
attackers to execute arbitrary code via (1) a crafted input file, related to
the PUT0 and PUT1 output macros; (2) a crafted input file, related to the
trim_title function; and possibly (3) a long -O option on a command line.
Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown
impact and attack vectors, a different issue than CVE-2010-3441.
This issue was resolved and addressed in
GLSA 201111-12 at http://security.gentoo.org/glsa/glsa-201111-12.xml
by GLSA coordinator Alex Legler (a3li).