CVE-2025-7010 - Vulnerability Details

- Avast antivirus stack overflow when scanning a malformed PDF file

Description

Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process.

This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021208.

The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Published: 2026-06-12

Score: 5.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A stack overflow caused by uncontrolled recursion in Avast’s PDF scanning logic can crash the antivirus process, resulting in a denial‑of‑service condition. The flaw is a classic stack overflow (CWE‑674) that does not provide remote code execution, but terminates the security product and can hinder system protection.

Affected Systems

The vulnerability affects Gen Digital products that rely on the shared virus‑definition update stream, including AVG Antivirus, Avast Antivirus, Avast Business Antivirus, Avast One, and Norton Antivirus. It applies to Windows, macOS, and Linux installations that use virus‑definition builds earlier than VPS 25021208. All builds at or above VPS 25021208 are immune, regardless of the consuming product.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. EPSS is not available, and the flaw is not listed in the CISA KEV catalog. The likely attack vector is a malformed PDF file that is scanned by the antivirus, either locally or during automated content inspection. Exploitation would require the victim to trigger a scan of the crafted PDF; no remote exploitation path is documented.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Gen Digital

Avast Antivirus

affected

Version	Status	Constraints
`0`	affected	< 25021208

Gen Digital

AVG Antivirus

affected

Version	Status	Constraints
`0`	affected	< 25021208

Gen Digital

Norton Antivirus

affected

Version	Status	Constraints
`0`	affected	< 25021208

Gen Digital

Avast One

affected

Version	Status	Constraints
`0`	affected	< 25021208

Gen Digital

Avast Business Antivirus

affected

Version	Status	Constraints
`0`	affected	< 25021208

No data.

No data available yet.

Remediation

Vendor Solution

Install virus definitions VPS 25021208 or any later virus-definition update. All builds at or above VPS 25021208 include the fix; staying current on definitions is required.

OpenCVE Recommended Actions

Apply the latest virus definition update (VPS 25021208 or newer).
Verify that the antivirus product uses the updated stream; reinstall or update the product if necessary.
Enable automatic definition updates to receive future patches automatically.

Generated by OpenCVE AI on June 12, 2026 at 23:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.gendigital.com/us/en/contact-us/security-advisories/

History

Fri, 12 Jun 2026 22:15:00 +0000

Type	Values Removed	Values Added
Description		Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021208. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
Title		Avast antivirus stack overflow when scanning a malformed PDF file
Weaknesses		CWE-674
References		https://www.gendigital.com/us/en/contact-us/security-advisories/
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GEN

Published: 2026-06-12T22:11:22.855Z

Updated: 2026-06-12T22:11:22.855Z

Reserved: 2025-07-02T08:18:37.465Z

Link: CVE-2025-7010

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-12T22:16:49.080

Modified: 2026-06-12T22:16:49.080

Link: CVE-2025-7010

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T23:30:08Z

Weaknesses

CWE-674
Uncontrolled Recursion

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object