CVE 2016-4571
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
See the 
CVE page on Mitre.org
for more details.
