Some vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service)
or to compromise a vulnerable system.

1) A boundary error exists within the "cli_scanpe()" function in
libclamav/pe.c. This can be exploited to cause a heap-based buffer
overflow via a specially crafted "Upack" executable.

Successful exploitation allows execution of arbitrary code.

2) A boundary error within the processing of PeSpin packed
executables in libclamav/spin.c can be exploited to cause a
heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

3) An unspecified error in the processing of ARJ files can be
exploited to hang ClamAV.