CVE-2014-9328: clamav: special crafted upack files may lead to segfault

[Sebastian Andrzej Siewior <cve-announce () ml breakpoint cc>]

upack is a tool for compressing .exe (.dll and such) files under
windows. clamav [0] is a virus scanning tool which is able to unpack
such files during scanning.

A handcrafted file could lead the de-compressor to access beyond bounds
leading to crash. This has been fixed via [1] and is part of the current
(0.96.6) release.

This bug has been discovered by AFL [2], american fuzzy lop.

[0] http://www.clamav.net/
[1] https://github.com/vrtadmin/clamav-devel/commit/5e1fbf3668bd167828d675830103b3c1ccdcb76d
[2] http://lcamtuf.coredump.cx/afl/

Sebastian