libspf2 is vulnerable to remote code execution. The vulnerability exists due to a heap-based buffer overflow in SPF_record_expand_data in spf_expand.c in the system allowing an attacker to execute maliciously crafted script via an unauthenticated email message.