When installing themes with unterminated colour formatting
sequences, Irssi may access data beyond the end of the string.
While waiting for the channel synchronisation, Irssi may
incorrectly fail to remove destroyed channels from the query list,
resulting in use after free conditions when updating the state later
on.
Certain incorrectly formatted DCC CTCP messages could cause NULL
pointer dereference.
Overlong nicks or targets may result in a NULL pointer dereference
while splitting the message.
In certain cases Irssi may fail to verify that a Safe channel ID
is long enough, causing reads beyond the end of the string.