It depends on what controls the allocation in code. If it's secure it puts x bytes in a x bytes buffer after a verified pointer in meta data with no parsing except after allocation of said buffer. Otherwise it can likely be exploited for code execution through malicious hashing&encoding.

Even if it's not the case here with the reference implementation, that doesn't mean it's not the case with other full clients.

If we're going to raise alerts over dos and block spamming I could easily post a python script that fork-spams the block-chain and bloats it with orphan blocks. I'm more interested in programming flaws though and not the genius currency design that changes hundredths at second intervals and has arbitrary fees..

EDIT: I only mention it because it's obvious that the reference implementation and all the clients based on it just blindly allocate and mine on the block-chain.. At some point malicious people will exploit it..