clamav is vulnerable to denial of service. An attacker can crash the application through the multi-byte heap buffer overflow write where an attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.