evolution -- remote format string vulnerabilities

2005-08-10T00:00:00
ID E5AFDF63-1746-11DA-978E-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2006-03-24T00:00:00

Description

A SITIC Vulnerability Advisory reports:

Evolution suffers from several format string bugs when handling data from remote sources. These bugs lead to crashes or the execution of arbitrary assembly language code.

1. The first format string bug occurs when viewing the full vCard data attached to an e-mail message.
2. The second format string bug occurs when displaying contact data from remote LDAP servers.
3. The third format string bug occurs when displaying task list data from remote servers.
4. The fourth, and least serious, format string bug occurs when the user goes to the Calendars tab to save task list data that is vulnerable to problem 3 above. Other calendar entries that do not come from task lists are also affected.