Incoming details.
A flaw was found in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. Package is not yet ready for stabilization, we will fix some additional issues first.
@Whissi are you referring to the other built-in lib?
This issue was resolved and addressed in GLSA 201904-12 at https://security.gentoo.org/glsa/201904-12 by GLSA coordinator Aaron Bauman (b-man).