Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
https://exchange.xforce.ibmcloud.com/vulnerabilities/19031
http://www.mandriva.com/security/advisories?name=MDKSA-2005:024