Will Drewry has reported some vulnerabilities in Cscope,
which potentially can be exploited by malicious people to
compromise a vulnerable system.
Various boundary errors within the parsing of file lists
or the expansion of environment variables can be exploited
to cause stack-based buffer overflows when parsing
specially crafted "cscope.lists" files or directories.
A boundary error within the parsing of command line
arguments can be exploited to cause a stack-based buffer
overflow when supplying an overly long "reffile" argument.
Successful exploitation may allow execution of arbitrary
code.