fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
http://www.securityfocus.com/bid/39556
http://www.securityfocus.com/archive/1/511140/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2011:107
http://www.fetchmail.info/fetchmail-SA-2010-02.txt
http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17512