CVE-2017-6419: heap-based buffer overflow in mspack/lzxd.c. mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CHM file.