CVE-2008-1836
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
Date published : 2008-04-16
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html