Description
Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process.

This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021208.



The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
Published: 2026-06-12
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack overflow caused by uncontrolled recursion in Avast’s PDF scanning logic can crash the antivirus process, resulting in a denial‑of‑service condition. The flaw is a classic stack overflow (CWE‑674) that does not provide remote code execution, but terminates the security product and can hinder system protection.

Affected Systems

The vulnerability affects Gen Digital products that rely on the shared virus‑definition update stream, including AVG Antivirus, Avast Antivirus, Avast Business Antivirus, Avast One, and Norton Antivirus. It applies to Windows, macOS, and Linux installations that use virus‑definition builds earlier than VPS 25021208. All builds at or above VPS 25021208 are immune, regardless of the consuming product.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. EPSS is not available, and the flaw is not listed in the CISA KEV catalog. The likely attack vector is a malformed PDF file that is scanned by the antivirus, either locally or during automated content inspection. Exploitation would require the victim to trigger a scan of the crafted PDF; no remote exploitation path is documented.

Generated by OpenCVE AI on June 12, 2026 at 23:22 UTC.

Remediation

Vendor Solution

Install virus definitions VPS 25021208 or any later virus-definition update. All builds at or above VPS 25021208 include the fix; staying current on definitions is required.


OpenCVE Recommended Actions

  • Apply the latest virus definition update (VPS 25021208 or newer).
  • Verify that the antivirus product uses the updated stream; reinstall or update the product if necessary.
  • Enable automatic definition updates to receive future patches automatically.

Generated by OpenCVE AI on June 12, 2026 at 23:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 13 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Gen Digital
Gen Digital avast Antivirus
Gen Digital avast Business Antivirus
Gen Digital avast One
Gen Digital avg Antivirus
Gen Digital norton Antivirus
Vendors & Products Gen Digital
Gen Digital avast Antivirus
Gen Digital avast Business Antivirus
Gen Digital avast One
Gen Digital avg Antivirus
Gen Digital norton Antivirus

Fri, 12 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Description Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021208. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
Title Avast antivirus stack overflow when scanning a malformed PDF file
Weaknesses CWE-674
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


Subscriptions

Gen Digital Avast Antivirus Avast Business Antivirus Avast One Avg Antivirus Norton Antivirus
cve-icon MITRE

Status: PUBLISHED

Assigner: GEN

Published:

Updated: 2026-06-15T17:11:01.415Z

Reserved: 2025-07-02T08:18:37.465Z

Link: CVE-2025-7010

cve-icon Vulnrichment

Updated: 2026-06-15T17:10:57.935Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T22:16:49.080

Modified: 2026-06-15T20:49:19.213

Link: CVE-2025-7010

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-13T12:29:30Z

Weaknesses