ClamAV LZH unpacking segmentation fault
Clamav uses an external unpacker, which can be deterministically crashed,
when processing corrupted LZH files.
ClamAV 0.93.3 and prior
Non Affected Software
ClamAV 0.94 and newer
Remote DoS, possibly remote code execution.
"Support for external unpackers has been dropped in 0.94 for security issues"
This vulnerability was discovered by Security Researcher
Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.
First private disclosure to vendor on October 14th 2008
First vendor reply on October 15th 2008 : issue fixed.