14 old software bugs that took way too long to squash
A curated list of 14 long-lived software vulnerabilities that went undetected for a decade or more before being patched. Examples span widely used software including libpng (30 years), Windows PrintDemon (24 years), PuTTY heap overflow (nearly 21 years), SIGRed DNS flaw (17 years), Python tarfile (15 years), Linux SCSI subsystem bugs (15 years), Redis RediShell (13 years), sudo host flag (nearly 12 years), HashiCorp Vault and CyberArk Conjur logic flaws (10 years), and Linux GRUB2 Secure Boot bypass (10 years). The cases illustrate how legacy design decisions, rarely used code paths, and a lack of security-conscious programming practices can leave critical vulnerabilities dormant for years, sometimes exploited in the wild before they are discovered.
Table of contents
LionWiki local file inclusion
sudo host
HashiCorp Vault and CyberArk Conjur logic flaws
Linux GRUB2 Secure Boot hole
Telnet