Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header.
http://www.vupen.com/english/advisories/2010/1218
http://www.debian.org/security/2010/dsa-2049