solaris8 dtmail

[scanf <scanf () MONLINE-IS COM>]

hi,
I was playing around on my solaris8 box and i found something strange.

console@sunrise:pts/11:~$ /usr/dt/bin/dtmail
libSDtMail: Error: Xt Error: Can't open display:
console@sunrise:pts/11:~$ export DISPLAY="%s%s%s"
console@sunrise:pts/11:~$ /usr/dt/bin/dtmail
Segmentation Fault
console@sunrise:pts/11:~$

first glance it appears to be a format string vuln.  however i checked a little further.

console@sunrise:pts/11:~$ export DISPLAY="%"
console@sunrise:pts/11:~$ /usr/dt/bin/dtmail
Segmentation Fault
console@sunrise:pts/11:~$

It only needed a % to crash.  I don't have the source to this so I decided not to check it further.  It might be soem 
parse'ing error in the code.  I posted this in case anybody wants to investigate it.

console
console () sunrise monline-is com