exim4 is vulnerable to information disclosure. The vulnerability exists due to a boundary condition in smtp_setup_msg() function. A remote attacker can send specially crafted message to the system, trigger out-of-bounds read error and read contents of memory on the system.