Debian Security Advisory DSA 510-1 - jaguar discovered a format string vulnerability in jftpgw, an FTP proxy program, whereby a remote user could potentially cause arbitrary code to be executed with the privileges of the jftpgw server process, which runs as user nobody by default.
f55238d5fd6e9e9d981a76a2e1dc889b92861edfce10fd634692ef07f9ada8e8