There is a heap overflow which can allow remote code execution. See bug #351920. I have access to amd64, x86, ppc and ppc64 if you would allow me to help.
Let's just use one bug instead of two, like with every other issue. *** This bug has been marked as a duplicate of bug 351920 ***