Ok, but for most users the only place that would occur would be the address input or amount, right? (I know just a tiny bit about buffer overflows.) The address would have to be pretty malformed to work, right? I guess if you're opening bitcoin with a script it would be easier...
Another input is the data sent from node to node. A malicious node could craft a transaction that the victim node will process to check for validity. The vulnerability could be in the transaction processing routine.
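Both posts above point at the same class of risk: a fixed-size buffer filled from an attacker-controlled length field, whether that field arrives in a pasted address or in a transaction relayed by a peer. The following is an added example written for this thread, not code from Bitcoin or from either poster. It uses a constructed, hypothetical wire record (one length byte followed by that many payload bytes) rather than Bitcoin's real serialization, and shows the two checks a deserializer must make before copying: the declared length must fit the destination, and it must not exceed the bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example only:
   [1 byte: declared payload length][declared-length payload bytes] */
#define MAX_PAYLOAD 32

typedef struct {
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
} record_t;

/* Bounds-checked parser. Returns 0 on success or a negative code for
   malformed input. It never reads past msg + msg_len and never writes
   past out->payload, regardless of what the length byte claims. */
int parse_record(const uint8_t *msg, size_t msg_len, record_t *out) {
    if (msg == NULL || out == NULL) return -1;
    if (msg_len < 1) return -2;                     /* no length byte at all */
    uint8_t declared = msg[0];
    if (declared > MAX_PAYLOAD) return -3;          /* would overflow destination */
    if ((size_t)declared > msg_len - 1) return -4;  /* claims more bytes than received */
    out->len = declared;
    memcpy(out->payload, msg + 1, declared);        /* safe: both bounds verified */
    return 0;
}

/* Constructed inputs exercising each branch; each helper returns the
   parser's result so it can be checked without inspecting stdout. */
int check_well_formed(void) {
    const uint8_t msg[] = {3, 'a', 'b', 'c'};
    record_t r;
    if (parse_record(msg, sizeof msg, &r) != 0) return 0;
    return r.len == 3 && memcmp(r.payload, "abc", 3) == 0;
}

int check_oversized_length(void) {
    /* Length byte says 200, far larger than the 32-byte destination. */
    const uint8_t msg[] = {200, 'x'};
    record_t r;
    return parse_record(msg, sizeof msg, &r);       /* -3 */
}

int check_truncated_message(void) {
    /* Length byte says 5, but only 2 payload bytes follow. */
    const uint8_t msg[] = {5, 'a', 'b'};
    record_t r;
    return parse_record(msg, sizeof msg, &r);       /* -4 */
}

int check_empty_message(void) {
    record_t r;
    return parse_record((const uint8_t *)"", 0, &r); /* -2 */
}

int main(void) {
    printf("well-formed: %d\n", check_well_formed());
    printf("oversized length: %d\n", check_oversized_length());
    printf("truncated message: %d\n", check_truncated_message());
    printf("empty message: %d\n", check_empty_message());
    return 0;
}
```

The second check is the one most often missed: even when the declared length fits the destination buffer, copying it without comparing it to the bytes actually received turns a short or truncated message into an out-of-bounds read of whatever sits after the receive buffer.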