Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch.
http://www.securityfocus.com/bid/35863
http://www.openwall.com/lists/oss-security/2009/07/03/1
http://www.openwall.com/lists/oss-security/2009/06/29/4