Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.
https://github.com/espruino/Espruino/issues/1434
https://github.com/espruino/Espruino/files/2022588/input.txt
https://github.com/espruino/Espruino/commit/c36d30529118aa049797db43f111ddad468aad29