Description
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.

This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56.
Published: 2026-06-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap buffer out‑of‑bounds read vulnerability exists in the Avira Antivirus engine when scanning malformed PDF files. The flaw allows an attacker to read data beyond the intended bounds of a heap buffer, potentially enabling local execution of arbitrary code or causing the antivirus engine process to crash, resulting in denial of service. The weakness is classified as CWE‑125, indicating an out‑of‑bounds read.

Affected Systems

The vulnerability affects Gen Digital’s Avira Antivirus on Windows, macOS, and Linux. All builds of the scan engine released before build 8.3.70.56 are susceptible; newer builds contain the fix.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting limited public exploitation data. The likely attack vector is local: an adversary would need to supply a specially crafted PDF to the Avira engine, for example by opening or otherwise scanning the file on a compromised machine. Once the malformed PDF is processed, the out‑of‑bounds read could be leveraged by a local attacker to inject or execute code, or simply to crash the engine, disrupting its operation.

Generated by OpenCVE AI on June 12, 2026 at 23:24 UTC.

Remediation

Vendor Solution

Upgrade to Avira scan engine build 8.3.70.56 or any later engine release. Builds at or above 8.3.70.56 include the fix.


OpenCVE Recommended Actions

  • Upgrade Avira Antivirus to scan engine build 8.3.70.56 or newer
  • Disallow the processing of untrusted or suspicious PDF documents until the update is installed
  • Monitor the antivirus process for abnormal crashes or memory read activity to detect exploitation attempts


Advisories

No advisories yet.

History

Fri, 12 Jun 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56. |
| Title | | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1) |
| Weaknesses | | CWE-125 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |



MITRE

Status: PUBLISHED

Assigner: GEN

Published:

Updated: 2026-06-12T22:02:30.484Z

Reserved: 2025-07-02T07:39:58.345Z

Link: CVE-2025-7003

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-12T22:16:48.260

Modified: 2026-06-12T22:16:48.260

Link: CVE-2025-7003

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T23:30:08Z
