A SITIC Vulnerability Advisory reports:
Evolution suffers from several format string bugs when
handling data from remote sources. These bugs lead to
crashes or the execution of arbitrary assembly language
code.
- The first format string bug occurs when viewing the
full vCard data attached to an e-mail message.
- The second format string bug occurs when displaying
contact data from remote LDAP servers.
- The third format string bug occurs when displaying
task list data from remote servers.
- The fourth, and least serious, format string bug
occurs when the user goes to the Calendars tab to save
task list data that is vulnerable to problem 3
above. Other calendar entries that do not come from task
lists are also affected.