Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers.
http://www.vupen.com/english/advisories/2007/1213
http://www.tinymux.org/changes.txt
http://www.securityfocus.com/bid/23292
http://www.debian.org/security/2007/dsa-1317
http://secunia.com/advisories/25784
http://secunia.com/advisories/24733
http://code.google.com/p/tinymux/issues/detail?id=282&can=2&q=