Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.
Exploitability
AV:NAC:LAu:NImpact
C:CI:CA:C10/AV:N/AC:L/Au:N/C:C/I:C/A:C