Impact
A heap buffer out‑of‑bounds read flaw exists in the Avira Antivirus scanning engine when it processes a specially crafted Windows MSI file. The vulnerability can lead either to the execution of arbitrary code in the context of the user launching the scan or to a denial‑of‑service condition that terminates the antivirus process. The weakness, classified as CWE‑125, highlights improper bounds checking during memory copy operations in the engine.
Affected Systems
Gen Digital Avira Antivirus for Windows, macOS, and Linux is impacted for all engine builds earlier than 8.3.70.56. Users of these platforms should verify their installed antivirus engine version and plan an upgrade if necessary.
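One way to run that version check across a fleet, as an added example that is not part of the original advisory or any Avira tooling. The inventory format, host names and sample versions are constructed for illustration; only the 8.3.70.56 threshold comes from the text above.

```python
import csv
import io
import re

FIXED_ENGINE = (8, 3, 70, 56)  # first fixed engine build, per the advisory

# Constructed sample inventory (hypothetical hosts and export format).
SAMPLE_INVENTORY = """host,platform,engine_version
ws-014,windows,8.3.70.56
ws-022,windows,8.3.70.9
mac-003,macos,8.3.64.210
srv-101,linux,8.3.72.4
srv-102,linux,unknown
ws-031,windows,8.3.70
"""

VERSION_RE = re.compile(r"[0-9]+(?:\.[0-9]+){3}")


def parse_engine_version(text):
    """Return a 4-tuple of ints, or None if the value is not N.N.N.N."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))


def triage(inventory_csv, fixed=FIXED_ENGINE):
    """Sort hosts into vulnerable / patched / unknown buckets."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_engine_version(row["engine_version"])
        if version is None:
            bucket = "unknown"      # missing or truncated value: check by hand
        elif version < fixed:       # numeric, field-by-field comparison
            bucket = "vulnerable"
        else:
            bucket = "patched"
        result[bucket].append(row["host"])
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:10} {', '.join(hosts) or '-'}")
```

Comparing the versions as integer tuples matters here: a plain string comparison would rank 8.3.70.9 above 8.3.70.56 and report that host as patched.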
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity impact, while the EPSS score is currently unavailable, suggesting no publicly reported exploit yet. The entry is not listed in the CISA KEV catalog. An attacker must supply a malicious MSI file and execute a scan action, implying a local or privileged context is required. The lack of external exploitation data does not reduce the risk for environments that process untrusted MSI packages.
OpenCVE Enrichment