Charles Fol discovered that the iconv function in the GNU C library is prone to a buffer overflow vulnerability when converting strings to the ISO-2022-CN-EXT character set, which may lead to denial of service or the execution of arbitrary code.