Some vulnerabilities have been reported in Sophos Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

1) An error in the AntiVirus engine when processing RAR archives with "heap_size" and "pack_size" fields set to 0 in the Archive Header section can be exploited to make the engine enter into an infinite loop and stop scanning other files.

2) An error in the AntiVirus engine when processing CHM files with "Window_size" field set to 0 in the LZX decompression header can be exploited to cause a heap-based buffer overflow.

3) An error in the AntiVirus engine when processing CHM files with a large name length specified in the the CHM chunk header can be exploited to cause a memory corruption and may lead to execution of arbitrary code.

Please see the vendor's advisory for a list of affected versions.

Solution
Update to the latest version.

Provided and/or discovered by
1) Titon, BastardLabs, Damian Put, and an anonymous researcher.
2, 3) Damian Put

Changelog
Further details available in Customer Area

Original Advisory
Sophos:
http://www.sophos.com/support/knowledgebase/article/7609.html

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=452
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=451

Deep Links
Links available in Customer Area