The remote host is missing an update to xloadimage announced via advisory DSA 069-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20069-1

The version of xloadimage (a graphics files viewer for X) that was shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that handles FACES format images. This could be exploited by an attacker by tricking someone into viewing a specially crafted image using xloadimage which would allow him to execute arbitrary code. This problem was fixed in version 4.1-5potato1.