Format string vulnerability in XChat 1.2.x allows remote malicious users to execute arbitrary code via a malformed nickname.
xchat xchat 1.2.x