Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
Exploitability
AV:NAC:HAu:NImpact
C:PI:PA:P5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P