I saw a conclusion that a C++ variadic function using C-style ellipsis can be vulnerable when an attacker designs some kind of input into the function to run arbitrary code.
