scanf and related functions in glibc prior to 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.
gnu glibc