Search criteria

9 vulnerabilities found for Avira Antivirus by Gen Digital

CVE-2026-6676 (GCVE-0-2026-6676)

Vulnerability from cvelistv5 – Published: 2026-06-12 22:16 – Updated: 2026-06-15 18:01
VLAI?
Title
Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive
Summary
Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.27.12.
CWE
Assigner
GEN
Impacted products
Vendor Product Version
Gen Digital Avira Antivirus Affected: 0 , < 8.3.27.12 (custom)
Create a notification for this product.
Credits
Mike Zhang, an independent security researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6676",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T17:35:52.739611Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T18:01:27.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Antivirus",
          "vendor": "Gen Digital",
          "versions": [
            {
              "lessThan": "8.3.27.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang, an independent security researcher"
        }
      ],
      "datePublic": "2026-02-26T11:42:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\u003cp\u003eThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.27.12.\u003c/p\u003e"
            }
          ],
          "value": "Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.27.12."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T22:16:27.745Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Avira scan engine build \u003cstrong\u003e8.3.27.12\u003c/strong\u003e or \u003cstrong\u003eany later\u003c/strong\u003e engine release. Builds at or above 8.3.27.12 include the fix."
            }
          ],
          "value": "Upgrade to Avira scan engine build 8.3.27.12 or any later engine release. Builds at or above 8.3.27.12 include the fix."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "GEN",
    "cveId": "CVE-2026-6676",
    "datePublished": "2026-06-12T22:16:27.745Z",
    "dateReserved": "2026-04-20T14:46:06.355Z",
    "dateUpdated": "2026-06-15T18:01:27.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14098 (GCVE-0-2025-14098)

Vulnerability from cvelistv5 – Published: 2026-06-12 22:16 – Updated: 2026-06-15 18:09
VLAI?
Title
Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file
Summary
Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104.
CWE
  • CWE-787 - Out-of-bounds Write
  • CWE-190 - Integer Overflow or Wraparound
Assigner
GEN
Impacted products
Vendor Product Version
Gen Digital Avira Antivirus Affected: 0 , < 8.3.70.104 (custom)
Create a notification for this product.
Credits
Mike Zhang, an independent security researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14098",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T18:03:26.952634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T18:09:10.360Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Antivirus",
          "vendor": "Gen Digital",
          "versions": [
            {
              "lessThan": "8.3.70.104",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang, an independent security researcher"
        }
      ],
      "datePublic": "2025-12-05T12:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\u003cp\u003eThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104.\u003c/p\u003e"
            }
          ],
          "value": "Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T22:16:01.317Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Avira scan engine build \u003cstrong\u003e8.3.70.104\u003c/strong\u003e or \u003cstrong\u003eany later\u003c/strong\u003e engine release. Builds at or above 8.3.70.104 include the fix."
            }
          ],
          "value": "Upgrade to Avira scan engine build 8.3.70.104 or any later engine release. Builds at or above 8.3.70.104 include the fix."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "GEN",
    "cveId": "CVE-2025-14098",
    "datePublished": "2026-06-12T22:16:01.317Z",
    "dateReserved": "2025-12-05T10:54:10.986Z",
    "dateUpdated": "2026-06-15T18:09:10.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9033 (GCVE-0-2025-9033)

Vulnerability from cvelistv5 – Published: 2026-06-12 22:15 – Updated: 2026-06-15 18:10
VLAI?
Title
Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 3)
Summary
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76.
CWE
Assigner
GEN
Impacted products
Vendor Product Version
Gen Digital Avira Antivirus Affected: 0 , < 8.3.70.76 (custom)
Create a notification for this product.
Credits
Mike Zhang, an independent security researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9033",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T18:10:00.379106Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T18:10:18.131Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Antivirus",
          "vendor": "Gen Digital",
          "versions": [
            {
              "lessThan": "8.3.70.76",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang, an independent security researcher"
        }
      ],
      "datePublic": "2025-08-15T14:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\u003cp\u003eThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76.\u003c/p\u003e"
            }
          ],
          "value": "Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T22:15:25.006Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Avira scan engine build \u003cstrong\u003e8.3.70.76\u003c/strong\u003e or \u003cstrong\u003eany later\u003c/strong\u003e engine release. Builds at or above 8.3.70.76 include the fix."
            }
          ],
          "value": "Upgrade to Avira scan engine build 8.3.70.76 or any later engine release. Builds at or above 8.3.70.76 include the fix."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 3)",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "GEN",
    "cveId": "CVE-2025-9033",
    "datePublished": "2026-06-12T22:15:25.006Z",
    "dateReserved": "2025-08-14T11:15:45.781Z",
    "dateUpdated": "2026-06-15T18:10:18.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9032 (GCVE-0-2025-9032)

Vulnerability from cvelistv5 – Published: 2026-06-12 22:14 – Updated: 2026-06-15 18:10
VLAI?
Title
Avira antivirus engine heap buffer OOB read when scanning a malformed PE file
Summary
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98.
CWE
Assigner
GEN
Impacted products
Vendor Product Version
Gen Digital Avira Antivirus Affected: 0 , < 8.3.70.98 (custom)
Create a notification for this product.
Credits
Mike Zhang, an independent security researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9032",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T18:10:37.267595Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T18:10:58.866Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Antivirus",
          "vendor": "Gen Digital",
          "versions": [
            {
              "lessThan": "8.3.70.98",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang, an independent security researcher"
        }
      ],
      "datePublic": "2025-08-14T11:32:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\u003cp\u003eThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98.\u003c/p\u003e"
            }
          ],
          "value": "Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T22:14:51.060Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Avira scan engine build \u003cstrong\u003e8.3.70.98\u003c/strong\u003e or \u003cstrong\u003eany later\u003c/strong\u003e engine release. Builds at or above 8.3.70.98 include the fix."
            }
          ],
          "value": "Upgrade to Avira scan engine build 8.3.70.98 or any later engine release. Builds at or above 8.3.70.98 include the fix."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira antivirus engine heap buffer OOB read when scanning a malformed PE file",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "GEN",
    "cveId": "CVE-2025-9032",
    "datePublished": "2026-06-12T22:14:51.060Z",
    "dateReserved": "2025-08-14T11:11:49.220Z",
    "dateUpdated": "2026-06-15T18:10:58.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7018 (GCVE-0-2025-7018)

Vulnerability from cvelistv5 – Published: 2026-06-12 22:13 – Updated: 2026-06-15 16:01
VLAI?
Title
Avira antivirus engine null pointer dereference when scanning a malformed PE file
Summary
Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
GEN
Impacted products
Vendor Product Version
Gen Digital Avira Antivirus Affected: 0 , < 8.3.70.64 (custom)
Create a notification for this product.
Credits
Mike Zhang, an independent security researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T16:01:30.901318Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T16:01:44.198Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Antivirus",
          "vendor": "Gen Digital",
          "versions": [
            {
              "lessThan": "8.3.70.64",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang, an independent security researcher"
        }
      ],
      "datePublic": "2025-01-31T11:34:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process.\u003cp\u003eThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.\u003c/p\u003e"
            }
          ],
          "value": "Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-125",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-125 Denial of Service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T22:13:49.820Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Avira scan engine build \u003cstrong\u003e8.3.70.64\u003c/strong\u003e or \u003cstrong\u003eany later\u003c/strong\u003e engine release. Builds at or above 8.3.70.64 include the fix."
            }
          ],
          "value": "Upgrade to Avira scan engine build 8.3.70.64 or any later engine release. Builds at or above 8.3.70.64 include the fix."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira antivirus engine null pointer dereference when scanning a malformed PE file",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "GEN",
    "cveId": "CVE-2025-7018",
    "datePublished": "2026-06-12T22:13:49.820Z",
    "dateReserved": "2025-07-02T12:01:13.717Z",
    "dateUpdated": "2026-06-15T16:01:44.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7017 (GCVE-0-2025-7017)

Vulnerability from cvelistv5 – Published: 2026-06-12 22:13 – Updated: 2026-06-15 16:02
VLAI?
Title
Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file
Summary
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56.
CWE
Assigner
GEN
Impacted products
Vendor Product Version
Gen Digital Avira Antivirus Affected: 0 , < 8.3.70.56 (custom)
Create a notification for this product.
Credits
Mike Zhang, an independent security researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T16:02:02.586536Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T16:02:13.703Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Antivirus",
          "vendor": "Gen Digital",
          "versions": [
            {
              "lessThan": "8.3.70.56",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang, an independent security researcher"
        }
      ],
      "datePublic": "2025-01-17T15:40:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\u003cp\u003eThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56.\u003c/p\u003e"
            }
          ],
          "value": "Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T22:13:13.533Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Avira scan engine build \u003cstrong\u003e8.3.70.56\u003c/strong\u003e or \u003cstrong\u003eany later\u003c/strong\u003e engine release. Builds at or above 8.3.70.56 include the fix."
            }
          ],
          "value": "Upgrade to Avira scan engine build 8.3.70.56 or any later engine release. Builds at or above 8.3.70.56 include the fix."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "GEN",
    "cveId": "CVE-2025-7017",
    "datePublished": "2026-06-12T22:13:13.533Z",
    "dateReserved": "2025-07-02T11:59:07.847Z",
    "dateUpdated": "2026-06-15T16:02:13.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7003 (GCVE-0-2025-7003)

Vulnerability from cvelistv5 – Published: 2026-06-12 22:02 – Updated: 2026-06-15 17:14
VLAI?
Title
Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1)
Summary
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56.
CWE
Assigner
GEN
Impacted products
Vendor Product Version
Gen Digital Avira Antivirus Affected: 0 , < 8.3.70.56 (custom)
Create a notification for this product.
Credits
Mike Zhang, an independent security researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T17:14:16.374533Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T17:14:27.190Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Antivirus",
          "vendor": "Gen Digital",
          "versions": [
            {
              "lessThan": "8.3.70.56",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang, an independent security researcher"
        }
      ],
      "datePublic": "2025-06-13T09:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\u003cp\u003eThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56.\u003c/p\u003e"
            }
          ],
          "value": "Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T22:02:30.484Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Avira scan engine build \u003cstrong\u003e8.3.70.56\u003c/strong\u003e or \u003cstrong\u003eany later\u003c/strong\u003e engine release. Builds at or above 8.3.70.56 include the fix."
            }
          ],
          "value": "Upgrade to Avira scan engine build 8.3.70.56 or any later engine release. Builds at or above 8.3.70.56 include the fix."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1)",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "GEN",
    "cveId": "CVE-2025-7003",
    "datePublished": "2026-06-12T22:02:30.484Z",
    "dateReserved": "2025-07-02T07:39:58.345Z",
    "dateUpdated": "2026-06-15T17:14:27.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7002 (GCVE-0-2025-7002)

Vulnerability from cvelistv5 – Published: 2026-06-12 21:59 – Updated: 2026-06-15 17:13
VLAI?
Title
Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)
Summary
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68.
CWE
Assigner
GEN
Impacted products
Vendor Product Version
Gen Digital Avira Antivirus Affected: 0 , < 8.3.70.68 (custom)
Create a notification for this product.
Credits
Mike Zhang, an independent security researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T17:13:11.683382Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T17:13:17.522Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Antivirus",
          "vendor": "Gen Digital",
          "versions": [
            {
              "lessThan": "8.3.70.68",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang, an independent security researcher"
        }
      ],
      "datePublic": "2025-05-26T11:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\u003cp\u003eThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68.\u003c/p\u003e"
            }
          ],
          "value": "Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T21:59:52.538Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Avira scan engine build \u003cstrong\u003e8.3.70.68\u003c/strong\u003e or \u003cstrong\u003eany later\u003c/strong\u003e engine release. Builds at or above 8.3.70.68 include the fix."
            }
          ],
          "value": "Upgrade to Avira scan engine build 8.3.70.68 or any later engine release. Builds at or above 8.3.70.68 include the fix."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "GEN",
    "cveId": "CVE-2025-7002",
    "datePublished": "2026-06-12T21:59:52.538Z",
    "dateReserved": "2025-07-02T07:27:26.206Z",
    "dateUpdated": "2026-06-15T17:13:17.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8351 (GCVE-0-2025-8351)

Vulnerability from cvelistv5 – Published: 2025-12-01 15:51 – Updated: 2026-06-12 22:32
VLAI?
Title
Avira antivirus engine heap buffer OOB read when scanning a malformed file
Summary
Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avira Antivirus engine when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98.
CWE
Assigner
Impacted products
Vendor Product Version
Gen Digital Avira Antivirus Affected: 0 , < 8.3.70.98 (custom)
Create a notification for this product.
Credits
Mike Zhang, an independent security researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T15:57:24.184526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-01T15:58:28.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Antivirus",
          "vendor": "Gen Digital",
          "versions": [
            {
              "lessThan": "8.3.70.98",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang, an independent security researcher"
        }
      ],
      "datePublic": "2025-06-25T08:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avira Antivirus engine when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\u003cp\u003eThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98.\u003c/p\u003e"
            }
          ],
          "value": "Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avira Antivirus engine when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T22:32:51.689Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Avira scan engine build \u003cstrong\u003e8.3.70.98\u003c/strong\u003e or \u003cstrong\u003eany later\u003c/strong\u003e engine release. Builds at or above 8.3.70.98 include the fix."
            }
          ],
          "value": "Upgrade to Avira scan engine build 8.3.70.98 or any later engine release. Builds at or above 8.3.70.98 include the fix."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira antivirus engine heap buffer OOB read when scanning a malformed file",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "NLOK",
    "cveId": "CVE-2025-8351",
    "datePublished": "2025-12-01T15:51:42.044Z",
    "dateReserved": "2025-07-30T11:48:44.820Z",
    "dateUpdated": "2026-06-12T22:32:51.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}