Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.