libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1389)