Malicious change in mixed transactions

A specially crafted multisig transaction could leverage a inconsistent sanitization of inputs to include a change output of an attacker, which wasn't confirmed by the user.