Package: clamav Version: 0.86.1-2 Severity: critical clamav <= 0.86.1 has several heap overflows. "At least 4 of its file format processors contain remote security bugs. Specifically, during the processing of TNEF, CHM and FSG formats an attacker is able to trigger several integer overflows that allow attackers to overwrite heap data to obtain complete control of the system."
Original security advisory: http://www.rem0te.com/public/images/clamav.pdf ClamAV 0.86.2 release notes: http://sourceforge.net/project/shownotes.php?release_id=344514 Oliver Paulus