Some interesting open source vulnerabilities were located and fixed by members of Google’s Security Team. Google encourages its employees to contribute back to the open source community. The specific vulnerabilities are integer overflows, out-of-bounds array accesses and buffer overflows. The general theme is using an integer from an untrusted source without adequately sanity checking it. We recommend being careful using any such code until it has been vetted for security (by auditing, fuzz testing or preferably both). It is important to keep up to date with security updates for any software you use.
Source: https://security.googleblog.com/2007/10/auditing-open-source-software.html
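
The theme named above, an integer from an untrusted source used without sanity checks, is illustrated here with an added example that is not code from the blog post or from any of the audited projects. The record layout and the function names `copy_payload` and `table_get` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (an assumption for this example):
 *   bytes 0..3  item count (big-endian, untrusted)
 *   bytes 4..7  item size  (big-endian, untrusted)
 *   bytes 8..   count * size bytes of payload */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Copies the payload into dst. Returns 0 and sets *out_len, or -1 if an
 * untrusted integer fails validation. */
int copy_payload(const uint8_t *buf, size_t len,
                 uint8_t *dst, size_t dst_cap, size_t *out_len) {
    if (len < 8) return -1;              /* header must be present */
    uint32_t count = be32(buf), size = be32(buf + 4);
    /* Integer overflow: test before multiplying so count * size cannot
     * wrap to a small value (possible where size_t is 32 bits). */
    if (size != 0 && count > SIZE_MAX / size) return -1;
    size_t total = (size_t)count * size;

    /* Out-of-bounds read: compare against len - 8 rather than computing
     * 8 + total, which could itself wrap. */
    if (total > len - 8) return -1;
    if (total > dst_cap) return -1;      /* buffer overflow on dst */

    memcpy(dst, buf + 8, total);
    *out_len = total;
    return 0;
}

/* Out-of-bounds array access: an untrusted signed index needs both ends
 * checked; a negative value passes a lone signed "idx < limit" test. */
int table_get(const uint32_t *table, size_t n, int32_t idx, uint32_t *out) {
    if (idx < 0 || (size_t)idx >= n) return -1;
    *out = table[idx];
    return 0;
}

int main(void) {
    /* Constructed input: claims 0x10000 items of 0x10000 bytes each. */
    const uint8_t rec[12] = {0,1,0,0, 0,1,0,0, 1,2,3,4};
    uint8_t dst[8]; size_t n = 0;
    printf("hostile record: %d\n", copy_payload(rec, sizeof rec, dst, sizeof dst, &n));
}
```

Functions written this way are convenient fuzzing targets, since every rejection path returns -1 instead of touching memory.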

