I did research and determined that a buffer overflow (or underflow) is possible by tampering with a QR code. A QR code can store about 7k character, but I think it is possible to stuff a whole script inside a QR. I highly doubt the 3DS's QR code reader can even read 7k characters to begin with...
