From ${URL} : libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Upstream patch: https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
The fix is present in clamav-0.99.4.
This issue was resolved and addressed in GLSA 201804-16 at https://security.gentoo.org/glsa/201804-16 by GLSA coordinator Aaron Bauman (b-man).