Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause
a denial of service (crash) and possibly execute arbitrary code via multiple vectors
including (1) a long pathname that is not properly handled during file list parsing,
(2) long pathnames that result from path variable expansion such as tilde expansion for
HOME environment variable, and (3) a long -f (aka
reffile) command line argument.
Temporarily just giving the CVE summary: CVE-2006-4262