Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0548)