Maksymilian Arciemowicz reported memory corruption issues in the libstdc++ C++ regex library. If an attacker were able to make an application using this library process a specially-crafted regular expression, it could cause the application to crash or, potentially, execute arbitrary code.
Currently on Fedora, this requires compiling the affected program with the experimental ISO C++ 2011 support by using the "-std=c++11" option.
Created gcc tracking bugs for this issue:
Affects: fedora-all [bug 1126692]
CVE request: http://www.openwall.com/lists/oss-security/2014/08/05/4
As pointed out by Rich Felker, this is not a flaw in the "ISO C++ 2011 regex library" specification, but rather a GCC/libstdc++ bug: