The put_chars function in html_r.c in Twibright Links 2.14 allows remote malicious users to cause a denial of service (buffer over-read) via a crafted HTML file.
twibright links 2.14