Dear Libunistring,
I hope this obsolete, but this appeared as a zero-day in my jAudio project with persons receiving a rogue copy of a file with a buffer overflow in the first character of the file resulting in remote code insertion, in this case a boot loader for a root kit that compromises the java build process for jAudio itself.
Daniel McEnnis
Contact San Francisco FBI Field Office for identity checks