The bugs are in versions between 3.10 and 4.1.1, and are a mixture of broken boundary checks and heap overflows, with some being easily exploitable. There are exploitable bugs on most platforms, including Linux, Solaris, x86 and BSD variants (which I assume includes Mac OS X). The greatest number of bugs affect Linux and Solaris.
The recommended fix is to upgrade to version 4.1.2.
More info at CERT®
An earlier version of this article unforgivably broke the rights of Stefan Esser, for which I deeply apologise.