VSeeFace up to and including 1.13.38.c2 allows malicious users to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data.