FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow.
https://www.exploit-db.com/exploits/3276
https://exchange.xforce.ibmcloud.com/vulnerabilities/32416