Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one-error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution (CVE-2008-5050).
Ilja van Sprundel discovered that ClamAV contains a denial of service condition in its JPEG file processing because it does not limit the recursion depth when processing JPEG thumbnails (CVE-2008-5314).
For the stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-4etch16.
For the unstable distribution (sid), these problems have been fixed in version 0.94.dfsg.2-1.
The testing distribution (lenny) will be fixed soon.
We recommend that you upgrade your clamav packages.