It was discovered that libidn, the GNU library for Internationalized Domain Names , did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library.