A boundary error when processing "div" HTML tags can be exploited
to cause a stack-based buffer overflow via an overly long "id"
parameter.

A boundary error exists when processing overly long links. This can
be exploited to cause a stack-based buffer overflow by tricking the
user into, for example, editing a malicious link.

A boundary error when processing, for example, a "bdo" HTML tag with
an overly long "dir" attribute can be exploited to cause a stack-based
buffer overflow.

A boundary error when processing "input" HTML tags can be
exploited to cause a stack-based buffer overflow via an overly long
attribute, e.g. "type".
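
The issues above share one pattern: a tag attribute or link value of arbitrary length is copied into a fixed-size stack buffer. The C example below is added for illustration and is not code from the affected product; the function names, the 64-byte buffer size and the sample tags are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 64   /* assumed size of the on-stack attribute buffer */

/* Unsafe pattern (shown for contrast, never called here): the value is
 * copied up to the closing quote with no check against the size of dst. */
void copy_attr_unchecked(const char *val, char *dst)
{
    while (*val && *val != '"')
        *dst++ = *val++;          /* runs past dst when the value is too long */
    *dst = '\0';
}

/* Hardened form: find attr="..." inside one tag and copy the value only if
 * it fits. Returns the value length, -1 if the attribute is absent or
 * unterminated, -2 if the value does not fit in dst (dstsz includes NUL). */
int copy_attr_checked(const char *tag, const char *attr, char *dst, size_t dstsz)
{
    char needle[32];
    int n = snprintf(needle, sizeof needle, "%s=\"", attr);
    if (n < 0 || (size_t)n >= sizeof needle || dstsz == 0)
        return -1;
    /* Require a space before the name so "id" does not match "data-id". */
    const char *p = tag;
    while ((p = strstr(p, needle)) != NULL && (p == tag || p[-1] != ' '))
        p++;
    if (!p)
        return -1;
    p += n;

    const char *end = strchr(p, '"');
    if (!end)
        return -1;                /* unterminated value */
    size_t len = (size_t)(end - p);
    if (len >= dstsz)
        return -2;                /* overly long: reject, do not truncate */
    memcpy(dst, p, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void)
{
    char id[ATTR_MAX], tiny[8];   /* constructed sample inputs below */
    printf("%d\n", copy_attr_checked("<div id=\"main\">", "id", id, sizeof id));
    printf("%d\n", copy_attr_checked("<div id=\"AAAAAAAAAAAAAAAA\">", "id", tiny, sizeof tiny));
    return 0;
}
```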