An out of bounds write was possible within ClamAV's NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900).
Tag: ClamAV
ASA-2019-00631 – ClamAV: Zip Bomb Vulnerability
ClamAV versions prior to 0.101.4 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.