clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.98.5+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav" }, { "binary_version": "0.98.5+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-base" }, { "binary_version": "0.98.5+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-daemon" }, { "binary_version": "0.98.5+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-dbg" }, { "binary_version": "0.98.5+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-docs" }, { "binary_version": "0.98.5+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-freshclam" }, { "binary_version": "0.98.5+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-milter" }, { "binary_version": "0.98.5+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-testfiles" }, { "binary_version": "0.98.5+addedllvm-0ubuntu0.14.04.1", "binary_name": "libclamav-dev" }, { "binary_version": "0.98.5+addedllvm-0ubuntu0.14.04.1", "binary_name": "libclamav6" } ] }