Don A. Baley discovered an integer overflow in the lzo compression handler which could result in the execution of arbitrary code.