Qinghao Tang reports:
The function ParseExtension() in openslp 1.2.1 contains vulnerability: an attacker can cause a denial of service (infinite loop) via a packet with crafted “nextoffset” value and “extid” value.
seclists.org/oss-sec/2015/q3/559