A printf is called with a user supplied format string.

CVE-2014-0160: This is "heartbit", a redacted version of the portions of openssl-1.0.1f that cause the now infamous "heartbleed" exploit to expose private memory of any process running a exploitable version of openssl. It easily compiles & runs on many current unix / linux boxes, including cygwin...

CVE-2006-7197

CVE-2007-6286

CVE-2008-5519

CVE-2012-4285

CVE-2012-4287

CVE-2012-4288

CVE-2012-4289

CVE-2012-4290

CVE-2012-4291

CVE-2012-4293

CVE-2012-4294 / CVE-2012-4295

CVE-2012-4296

CVE-2012-3548

CVE-2012-5237

CVE-2012-5238

CVE-2012-5240

CVE-2012-6053

CVE-2012-6054

CVE-2012-6055

CVE-2013-1575

CVE-2013-1576

CVE-2013-1581

CVE-2013-1590