CVE 2017-11114

The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file.

See the CVE page on Mitre.org for more details.