iDefense Security Advisory 12.08.06 - Sophos AntiVirus Engine is vulnerable to a Heap Overflow attack when scanning malformed CHM archives. Specifically, if the CHM file has a Window_size of 0 set in a LZX decompression header then memory corruption will occur. Sophos Antivirus for Linux product version 4.03 and engine version 4.05 are affected.
182af370ccde593d5804cd8d52fb3416866ed89454cd4bd2364de8c278d29f3a