ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.
http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html
http://ubuntu.com/usn/usn-2594-1