Gentoo Linux Security Advisory GLSA 200709-14 - Nikolaos Rangos discovered a vulnerability in ClamAV which exists because the recipient address extracted from email messages is not properly sanitized before being used in a call to popen() when executing sendmail (CVE-2007-4560). Also, NULL-pointer dereference errors exist within the cli_scanrtf() function in libclamav/rtf.c and Stefanos Stamatis discovered a NULL-pointer dereference vulnerability within the cli_html_normalise() function in libclamav/htmlnorm.c (CVE-2007-4510). Versions less than 0.91.2 are affected.
f5268da5fa00432a3fdf6c08174761a93c9465ba542aa5f73fb11dc7a3e3149b