Description
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.

This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68.
Published: 2026-06-12
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A malformed PDF file triggers a heap buffer out‑of‑bounds read in the Avira Antivirus engine, allowing a locally authenticated user to read memory beyond the buffer. This flaw can lead to the execution of arbitrary code or cause the antivirus engine process to crash, resulting in denial of service. The vulnerability falls under CWE‑125.

Affected Systems

Gen Digital Avira Antivirus on Windows, macOS, and Linux, specifically engine builds older than 8.3.70.68, are affected.

Risk and Exploitability

The CVSS score of 7.8 signals high severity. The EPSS score is not available, and the flaw is not listed in CISA’s KEV catalog. Because the attack requires local execution and potentially local user access, the opportunity for exploitation may be limited to environments where a user can run the scanner, but once achieved, the attacker could elevate privileges or crash the antivirus process.

Generated by OpenCVE AI on June 12, 2026 at 23:25 UTC.

Remediation

Vendor Solution

Upgrade to Avira scan engine build 8.3.70.68 or any later engine release. Builds at or above 8.3.70.68 include the fix.


OpenCVE Recommended Actions

  • Upgrade Avira Antivirus to engine build 8.3.70.68 or any later release.
  • If patching cannot be applied immediately, isolate or quarantine the execution of the scanner for untrusted PDF files, such as by disabling PDF scanning or running the engine in a sandboxed environment.
  • Continuously monitor the antivirus process for crashes and apply any additional vendor updates as they become available.

Generated by OpenCVE AI on June 12, 2026 at 23:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 13 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Gen Digital
Gen Digital avira Antivirus
Vendors & Products Gen Digital
Gen Digital avira Antivirus

Fri, 12 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Description Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68.
Title Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

Gen Digital Avira Antivirus
cve-icon MITRE

Status: PUBLISHED

Assigner: GEN

Published:

Updated: 2026-06-15T17:13:17.522Z

Reserved: 2025-07-02T07:27:26.206Z

Link: CVE-2025-7002

cve-icon Vulnrichment

Updated: 2026-06-15T17:13:14.408Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T22:16:48.107

Modified: 2026-06-15T20:49:19.213

Link: CVE-2025-7002

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-13T12:29:44Z

Weaknesses