Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.
https://exchange.xforce.ibmcloud.com/vulnerabilities/21373
http://www.idefense.com/application/poi/display?id=283&type=vulnerabilities&flashstatus=true