Mandriva Linux Security Advisory 2015-163 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The grub2 package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.
6ae284d0de868ab7f87fb05d92e7bbec5da0551f41a32b761bd68e4d8f04ff31