Description
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.

This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76.
Published: 2026-06-12
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Out-of-bounds read vulnerability in Avira Antivirus engine occurs when parsing a malformed PDF, allowing a local user to trigger code execution or crash the scanning process, which can lead to denial of service. The flaw is a buffer over-read, classified as CWE-125.

Affected Systems

Affected systems include all versions of Gen Digital’s Avira Antivirus running on Windows, macOS, or Linux with engine builds older than 8.3.70.76. Builds 8.3.70.76 and later contain the fix.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation has been reported. The likely attack vector is local, requiring an attacker to deliver a malicious PDF to a victim machine—such as via phishing or social engineering—then trigger the vulnerable scanning routine. Because the flaw is triggered during file parsing, remote exploitation without local access is not feasible.

Generated by OpenCVE AI on June 13, 2026 at 00:22 UTC.

Remediation

Vendor Solution

Upgrade to Avira scan engine build 8.3.70.76 or any later engine release. Builds at or above 8.3.70.76 include the fix.


OpenCVE Recommended Actions

  • Update Avira Antivirus engine to build 8.3.70.76 or later.
  • If an update is unavailable, temporarily disable automatic scanning of PDFs until the engine can be patched.
  • Restrict users from opening or sending malformed PDFs by enforcing email attachment rules and monitoring for suspicious PDF files.

Generated by OpenCVE AI on June 13, 2026 at 00:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 13 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Gen Digital
Gen Digital avira Antivirus
Vendors & Products Gen Digital
Gen Digital avira Antivirus

Fri, 12 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Description Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76.
Title Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 3)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

Gen Digital Avira Antivirus
cve-icon MITRE

Status: PUBLISHED

Assigner: GEN

Published:

Updated: 2026-06-15T18:10:18.131Z

Reserved: 2025-08-14T11:15:45.781Z

Link: CVE-2025-9033

cve-icon Vulnrichment

Updated: 2026-06-15T18:10:05.671Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T23:16:31.193

Modified: 2026-06-15T20:49:19.213

Link: CVE-2025-9033

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-13T12:29:20Z

Weaknesses