An iDEFENSE Security Advisory reports:
Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition. The vulnerability specifically exists due to improper behavior during exceptional conditions. Successful exploitation allows attackers to exhaust file descriptors pool and memory. Anti-virus detection functionality will fail if there is no file descriptors available with which to open files. Remote exploitation can be achieved by sending a malicious file in an e-mail message or during an HTTP session.