Hi there Original advisory: http://milw0rm.com/exploits/5458 There's another stack-based buffer overflow in demux_nfs.c line 111: this->copyright = strdup(&header[0x4E]); line 189: char copyright[100]; line 208: sprintf(copyright, "(C) %s", this->copyright); Regards Laurent Gaffié