Description
Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process.

This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25022500.



The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
Published: 2026-06-12
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free in the scanning logic of the Gen Digital engine when processing a malformed Windows PE file. Exploit of this flaw can cause the antivirus process to crash, resulting in a denial‑of‑service condition for the user or system. The weakness is a classic Use After Free, categorized as CWE‑590. No information is provided that the crash could lead to code execution or data exfiltration.

Affected Systems

AV products built on the Gen Digital virus‑definition update stream—including Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast Business Antivirus, and Avast One—are affected on Windows, macOS, and Linux. Any build that predates the virus‑definition build VPS 25022500 uses the vulnerable scanning logic and therefore is susceptible.

Risk and Exploitability

The CVSS score of 5.5 reflects a moderate severity that mainly disrupts availability. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is inferred to be a locally or remotely delivered malformed PE file sent to the scanner; the description does not explicitly state network or privilege requirements, so the assumption is that delivery to the scan engine is necessary for exploitation. Due to the moderate CVSS, the risk is moderate; however, continuous scanning of unknown files is common, making the DoS impact potentially frequent if the update is not applied.

Generated by OpenCVE AI on June 12, 2026 at 23:23 UTC.

Remediation

Vendor Solution

Install virus definitions VPS 25022500 or any later virus-definition update. All builds at or above VPS 25022500 include the fix; staying current on definitions is required.

OpenCVE Recommended Actions

  • Install virus definitions VPS 25022500 or any later update on all affected antivirus products; this upgrade packages the fixed scanning logic.
  • Configure or confirm that the antivirus automatically refreshes definition streams, ensuring the updated build is in use across the system.
  • If an immediate update cannot be performed, temporarily suspend auto‑scanning of newly added or potentially malformed EXE files until the update is installed to prevent the DoS from occurring.

Generated by OpenCVE AI on June 12, 2026 at 23:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Description Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25022500. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
Title Avast antivirus use of stack memory after free when scanning a malformed PE file
Weaknesses CWE-590
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GEN

Published:

Updated: 2026-06-12T22:08:57.786Z

Reserved: 2025-07-02T07:45:21.338Z

Link: CVE-2025-7006

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-12T22:16:48.670

Modified: 2026-06-12T22:16:48.670

Link: CVE-2025-7006

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T23:30:08Z

Weaknesses
  • CWE-590

    Free of Memory not on the Heap