The function "sprintf" was used heavily throughout the Asterisk IMAP-specific voicemail code. An audit of the code found two vulnerabilities, both buffer overflows.

http://www.securiteam.com/unixfocus/6N00E0AK0W.html
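
The pattern behind this class of bug, next to a bounded replacement, as an added example that is not Asterisk's code. The function names, the 64-byte buffer size and the mailbox format string are hypothetical and chosen only for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAILBOX_MAX 64  /* assumed size of the fixed destination buffer */

/* Unsafe pattern: sprintf() is not told how large dst is, so a long
 * user or folder value writes past the end of the caller's buffer. */
void build_mailbox_unsafe(char *dst, const char *user, const char *folder)
{
    sprintf(dst, "{imap.example.test}%s/%s", user, folder);
}

/* Bounded form: snprintf() writes at most dstlen bytes and returns the
 * length the complete string would have had. Returns 0 on success,
 * -1 if the output would have been truncated or formatting failed. */
int build_mailbox_checked(char *dst, size_t dstlen,
                          const char *user, const char *folder)
{
    int n;

    if (dst == NULL || dstlen == 0 || user == NULL || folder == NULL)
        return -1;
    n = snprintf(dst, dstlen, "{imap.example.test}%s/%s", user, folder);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';   /* never pass a truncated mailbox name onward */
        return -1;
    }
    return 0;
}

int main(void)
{
    char box[MAILBOX_MAX];
    char longuser[200];                 /* constructed oversized input */

    memset(longuser, 'A', sizeof(longuser) - 1);
    longuser[sizeof(longuser) - 1] = '\0';

    if (build_mailbox_checked(box, sizeof(box), "1234", "INBOX") == 0)
        printf("ok: %s\n", box);
    if (build_mailbox_checked(box, sizeof(box), longuser, "INBOX") != 0)
        printf("rejected oversized input\n");
    return 0;
}
```

Checking the return value matters as much as switching functions: snprintf() alone prevents the overflow, but silently truncated output can still name the wrong mailbox.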