The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.045
EPSS Ranking 90.4%