Description
Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.

This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.27.12.
Published: 2026-06-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap buffer out-of-bounds write in the Avira Antivirus engine occurs when scanning a malformed POSIX tar archive. The flaw, classified as CWE-787, can allow a user with local access to trigger code execution or cause a denial-of-service by crashing the antivirus process during scanning.

Affected Systems

All versions of Avira Antivirus for Windows, macOS, and Linux with engine builds older than 8.3.27.12 are impacted; newer builds contain the fix.

Risk and Exploitability

The CVSS score of 7.8 signifies high severity, but the EPSS score is not available, so the probability of exploitation is uncertain. The vulnerability is not listed in CISA KEV. Exploitation requires local access to a system running the affected engine and the ability to initiate scanning of a crafted tar file, either manually by a user or by a program that triggers antivirus scans. The need for local access narrows exposure compared with remotely exploitable flaws, yet local code execution or denial-of-service remains a serious threat to users who run the affected antivirus build.

Generated by OpenCVE AI on June 13, 2026 at 00:50 UTC.

Remediation

Vendor Solution

Upgrade to Avira scan engine build 8.3.27.12 or any later engine release. Builds at or above 8.3.27.12 include the fix.


OpenCVE Recommended Actions

  • Upgrade Avira Antivirus to scan engine build 8.3.27.12 or later as per the vendor’s official solution.
  • If an immediate upgrade is not possible, temporarily disable automatic scanning of archive files to avoid processing malformed tar archives until the patch is applied.
  • After applying the fix, restart the antivirus service or reboot the machine to ensure the updated engine is in use.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 23:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.27.12. |
| Title | | Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: GEN

Published:

Updated: 2026-06-12T22:16:27.745Z

Reserved: 2026-04-20T14:46:06.355Z

Link: CVE-2026-6676

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-12T23:16:45.007

Modified: 2026-06-12T23:16:45.007

Link: CVE-2026-6676

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-13T01:00:06Z
