Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user"s privileges.