It affects Python applications that "accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param." The bug occurs because "sprintf" is used unsafely.