CVE-2006-1989
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
Date published : 2006-05-01
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html