The software misinterprets an input, whether from an attacker
					or another product, in a security-relevant fashion.