In a blog entry dedicated to this ClamAV bug, WabiSabiLabi said the vulnerability (and reliable proof-of-concept exploit code) allows a malicious user to execute arbitrary code on the machine running one of the utilities of the ClamAV suite.
The latest verified vulnerable version is 0.91.1, but other versions could be affected as well. As you can obviously imagine, the impact of this vulnerability is ravaging.
When exploited, the vulnerability allows an attacker to execute arbitrary code on the target machine in the context of the user running the affected application and to gain a "base" on the local network/DMZ, with the possibility of escalating privileges (if needed) and compromising other servers near the attacked one.
Of course, as it's an anti-virus engine designed for mail servers, the attacker can locally escalate his privileges and get access to all the mail traffic to and from the company just by sniffing the traffic on the compromised machine.
In a home scenario, even if ClamAV is not widely used in such environments, the impact can also be high. If a home computer is compromised, the attacker can access documents and files stored on that computer and use this information to gain higher privileges.