iDefense Security Advisory 04.14.08 – Remote exploitation of a heap overflow vulnerability in Clam AntiVirus’ ClamAV, as included in various vendors’ operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the code responsible for reading in sections within a PE binary packed with the WWPack executable compressor. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92.1. Previous versions may also be affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/65565/04.14.08-2.txt
Source: https://packetstormsecurity.com/files/65565/iDEFENSE-Security-Advisory-2008-04-14.2.html