clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "clamav-docs": "0.98.5+addedllvm-0ubuntu0.14.04.1", "clamav": "0.98.5+addedllvm-0ubuntu0.14.04.1", "clamav-testfiles": "0.98.5+addedllvm-0ubuntu0.14.04.1", "clamav-base": "0.98.5+addedllvm-0ubuntu0.14.04.1", "clamav-freshclam": "0.98.5+addedllvm-0ubuntu0.14.04.1", "clamav-milter": "0.98.5+addedllvm-0ubuntu0.14.04.1", "clamav-daemon": "0.98.5+addedllvm-0ubuntu0.14.04.1", "libclamav6": "0.98.5+addedllvm-0ubuntu0.14.04.1", "libclamav-dev": "0.98.5+addedllvm-0ubuntu0.14.04.1", "clamav-dbg": "0.98.5+addedllvm-0ubuntu0.14.04.1" } ] }