The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."

The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.