libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Upstream patch: https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c
Created clamav tracking bugs for this issue: Affects: epel-all [bug 1483912] Affects: fedora-all [bug 1483911]