Two Denial of Service (DoS) vulnerabilities have been identified impacting a older version of the Symantec Decomposer used to parse some types of archive content while scanning for malicious content in some of Symantec's legacy product versions. The risk is MEDIUM. The first issue is triggered when it receives malicious content. If sufficiently malformed, this could possibly cause large amounts of memory to be consumed which could result in a Denial of Service. The second issue is a buffer overflow that can cause the decomposer to crash causing a Denial of Servcie condition and the potential for remote code execution.
More...