Folks will write a paper to say that a certain antivirus software's "antivirus library is prone to multiple heap-based buffer overflow vulnerabilities, which attackers could exploit to compromise computers running applications that use these libraries for virus protection."
How is it a surpise??? Puleeeease! All software is buggy, period. You can be 0wned thru pretty much anything you run, and, yes, antivirus and personal firewall too.