ClamAV , the open source anti-virus software that’s valuable to so many, recently fixed a vulnerability that might allow an attacker to get their code running in a privileged context. Typically, an anti-virus engine doesn’t usually need to understand the files it checks, it just compares the bytes against its list of known malware signatures.
Article Link: https://www.forcepoint.com/blog/x-labs/examining-clamav-security-flaw