The bugs are in two functions, bech32_decode and cash_decode , there are a few lines that cause a buffer overflow if the input is between 85 and 90 characters and does not contain the character 1, these buffer overflows were detected on Trezor and could only be used to trigger a remote shutdown of the Trezor, no funds are in any danger by these bugs.