Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.
https://exchange.xforce.ibmcloud.com/vulnerabilities/13119
http://www.kb.cert.org/vuls/id/792284
http://www.kb.cert.org/vuls/id/219140