Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.
https://exchange.xforce.ibmcloud.com/vulnerabilities/33594
http://www.vupen.com/english/advisories/2007/1347
http://www.securityfocus.com/bid/23406
http://secunia.com/advisories/24864