The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.