Version before 1.9.20151008 of the miniupnpc library are vulnerable to a buffer overflow in the XML parser during initial network discovery. The vulnerable code triggers at startup of Bitcoin Core if UPnP is enabled. Details of the vulnerability can be found here: talosintel.com/reports/TALOS-2015-0035/