The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. Upstream patch: https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc
Created clamav tracking bugs for this issue: Affects: epel-all [bug 1483912] Affects: fedora-all [bug 1483911]