Description
Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.

This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104.
Published: 2026-06-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from an integer overflow in the Avira Antivirus engine that causes a heap buffer out‑of‑bounds write when scanning a specially crafted MS‑DOS executable. The flaw can lead to local code execution or a denial‑of‑service of the antivirus process, potentially compromising the integrity and availability of the host system.

Affected Systems

Affected products are Avira Antivirus running on Windows, macOS, and Linux with engine builds prior to 8.3.70.104. The issue impacts any installation that has not yet upgraded to the fixed build, regardless of the operating system.

Risk and Exploitability

The CVSS 3.1 base score of 7.8 (High) carries the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: the attack is local, no privileges are required, and user interaction is needed. No EPSS score or KEV listing is available yet, so there is no empirical exploitation-probability data to weigh against the base score. An adversary needs only to get a malformed MS‑DOS executable onto the host where the engine will scan it, for example by having a user download or open it, or by dropping it into a directory that the on‑access or scheduled scanner processes. Because the antivirus engine typically runs with high privileges (a SYSTEM service on Windows, root on macOS and Linux), an out‑of‑bounds write in its process is a local privilege‑escalation vector when it yields code execution, and a loss of the protection the engine provides when it only crashes the process.

Generated by OpenCVE AI on June 13, 2026 at 00:21 UTC.
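The following C example is added to this page to illustrate the CWE-190 to CWE-787 chain named in the analysis above; it is not Avira's code, and the page does not say which header field or computation overflows in the engine. The MZ header field names and offsets (e_crlc at offset 6, e_lfarlc at offset 24, magic 0x5A4D) follow the documented IMAGE_DOS_HEADER layout; the relocation-table parser, the choice of a 16-bit size computation as the overflow site, and the 128-byte constructed sample file are assumptions made for the demonstration. The vulnerable path reports the allocation it would make and the bytes it would write instead of performing the out-of-bounds write.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The MZ (MS-DOS executable) header fields used here; offsets follow
 * IMAGE_DOS_HEADER. The header is 64 bytes long. */
typedef struct {
    uint16_t e_magic;   /* 0x5A4D, "MZ" */
    uint16_t e_crlc;    /* number of 4-byte relocation entries */
    uint16_t e_lfarlc;  /* file offset of the relocation table */
} mz_hdr;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse the header; rejects files too short to hold it or lacking "MZ". */
static bool parse_mz(const uint8_t *buf, size_t len, mz_hdr *h) {
    if (buf == NULL || len < 64) return false;
    h->e_magic  = rd16(buf + 0);
    h->e_crlc   = rd16(buf + 6);
    h->e_lfarlc = rd16(buf + 24);
    return h->e_magic == 0x5A4D;
}

/* Vulnerable pattern (hypothetical, not Avira's code): the table size is
 * computed in 16-bit arithmetic, so e_crlc * 4 wraps when e_crlc >= 0x4000
 * (CWE-190). The bounds check then passes, a heap buffer of the wrapped size
 * would be allocated, and the copy loop, which still runs e_crlc times,
 * writes past it (CWE-787). Returns 0 when this path would accept the file
 * and reports the sizes instead of doing the unsafe write. */
static int vuln_reloc_sizes(const uint8_t *buf, size_t len,
                            size_t *alloc_bytes, size_t *write_bytes) {
    mz_hdr h;
    if (!parse_mz(buf, len, &h)) return -1;
    uint16_t table_bytes = (uint16_t)(h.e_crlc * 4);        /* wraps at 0x10000 */
    if ((size_t)h.e_lfarlc + table_bytes > len) return -1;  /* passes once wrapped */
    *alloc_bytes = table_bytes;              /* what malloc() would be asked for */
    *write_bytes = (size_t)h.e_crlc * 4;     /* what an entry-by-entry copy writes */
    return 0;
}

/* Hardened version: widen before multiplying and bound the table by the file. */
static int safe_reloc_sizes(const uint8_t *buf, size_t len, size_t *alloc_bytes) {
    mz_hdr h;
    if (!parse_mz(buf, len, &h)) return -1;
    size_t table_bytes = (size_t)h.e_crlc * 4u;   /* at most 0x3FFFC, cannot wrap */
    if (h.e_lfarlc > len || table_bytes > len - h.e_lfarlc) return -1;
    *alloc_bytes = table_bytes;
    return 0;
}

/* Constructed sample image: "MZ" magic plus the two fields above, rest zero. */
static void make_mz(uint8_t *buf, size_t len, uint16_t crlc, uint16_t lfarlc) {
    memset(buf, 0, len);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[6]  = (uint8_t)(crlc & 0xFF);   buf[7]  = (uint8_t)(crlc >> 8);
    buf[24] = (uint8_t)(lfarlc & 0xFF); buf[25] = (uint8_t)(lfarlc >> 8);
}

/* Bytes the vulnerable path would write beyond its allocation for a
 * constructed 128-byte file, or -1 if that path rejects the file. */
static long vuln_overrun(uint16_t crlc, uint16_t lfarlc) {
    uint8_t file[128]; size_t alloc = 0, write = 0;
    make_mz(file, sizeof file, crlc, lfarlc);
    if (vuln_reloc_sizes(file, sizeof file, &alloc, &write) != 0) return -1;
    return (long)write - (long)alloc;
}

/* Allocation the hardened path accepts for the same file, or -1 if rejected. */
static long safe_alloc(uint16_t crlc, uint16_t lfarlc) {
    uint8_t file[128]; size_t alloc = 0;
    make_mz(file, sizeof file, crlc, lfarlc);
    return safe_reloc_sizes(file, sizeof file, &alloc) == 0 ? (long)alloc : -1;
}

int main(void) {
    /* Malformed sample: 0x4000 relocation entries claimed in a 128-byte file. */
    printf("malformed: vulnerable overrun=%ld bytes, hardened alloc=%ld\n",
           vuln_overrun(0x4000, 64), safe_alloc(0x4000, 64));
    /* Well-formed sample: two entries, table fits inside the file. */
    printf("well-formed: vulnerable overrun=%ld bytes, hardened alloc=%ld\n",
           vuln_overrun(2, 64), safe_alloc(2, 64));
    return 0;
}
```

The malformed sample makes the vulnerable path allocate 0 bytes and write 65536, while the hardened path rejects it because the widened table size exceeds the bytes left in the file after e_lfarlc; the well-formed sample passes both paths with an 8-byte table. The same check (widen, then compare against remaining length) applies to any other header-derived size, such as the page count or header-paragraph fields.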

Remediation

Vendor Solution

Upgrade to Avira scan engine build 8.3.70.104 or any later engine release; builds at or above 8.3.70.104 contain the fix.


OpenCVE Recommended Actions

  • Upgrade the Avira scan engine to build 8.3.70.104 or later on every Windows, macOS and Linux installation; this is the only fix for the integer overflow and the resulting heap overflow. Confirm that engine auto‑updates are enabled and that the installed engine build reports at or above 8.3.70.104 after the update.
  • If an immediate upgrade is not possible, reduce the chance that untrusted MS‑DOS executables reach the engine: block executable attachments at the mail gateway, restrict removable media, and avoid downloading unknown executables. Disabling on‑access scanning of executables is not a sound workaround, since it removes the protection the engine exists to provide.
  • Monitor the antivirus engine process for abnormal termination or repeated crashes while scanning a particular file, treat such crashes as a signal to collect that file for analysis, and run the AV service with the least privilege the product supports to limit the impact of any exploitation.

Generated by OpenCVE AI on June 13, 2026 at 00:21 UTC.


Advisories

No advisories yet.

History

Fri, 12 Jun 2026 23:00:00 +0000

Type        | Values Removed | Values Added
Description |                | Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104.
Title       |                | Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file
Weaknesses  |                | CWE-190, CWE-787
References  |                |
Metrics     |                | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}



MITRE

Status: PUBLISHED

Assigner: GEN

Published:

Updated: 2026-06-12T22:16:01.317Z

Reserved: 2025-12-05T10:54:10.986Z

Link: CVE-2025-14098

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-12T23:16:27.350

Modified: 2026-06-12T23:16:27.350

Link: CVE-2025-14098

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-13T00:30:10Z

Weaknesses