Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
CVSS Metrics
