Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.