libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amount of data immediately following. A malicious or just broken server can claim to send a very large block and if by doing that it makes curl's subsequent call to realloc() to fail, curl would then misbehave in the exit path and double-free the memory. In practical terms, an up to 4 GB memory area may very well be fine to allocate on a modern 64 bit system but on 32 bit systems it will fail.
An arbitrary file copy vulnerability in mod_copy in ProFTPD allows for remote code execution and information disclosure.
A vulnerability in the FTP daemon on MikroTik routers could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.