Xfire 1.64 and previous versions allows remote malicious users to cause a denial of service (client application crash) via a long string to UDP port 25777.
xfire xfire