Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Local file delivery and a scan trigger (UI:R) are required; no privileges needed to place a file; impact is availability-only with no scope change.
Primary rating from Vendor (GEN).
CVSS Vector (Vendor: GEN)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Description (CVE.org)
Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process.
This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.
Analysis (AI)
Null pointer dereference in the Avira Antivirus scanning engine crashes the antivirus process when it parses a specially crafted malformed Windows PE file. All platform deployments - Windows, macOS, and Linux - running engine builds prior to 8.3.70.64 are affected, making this a cross-platform availability risk. No public exploit identified at time of analysis and no CISA KEV listing; however, the ease of crafting a malformed PE file as a trigger lowers the practical barrier for targeted disruption of endpoint protection.
Technical Context (AI)
The vulnerability is rooted in CWE-476 (Null Pointer Dereference) within Avira's PE file parsing logic. Windows Portable Executable (PE) format parsing is a complex, field-rich operation; a malformed PE with unexpected or absent header fields can cause the engine to dereference a pointer that was never initialized or was set to null due to a parsing shortcut. When this occurs inside the antivirus engine process, the null dereference generates an access violation or segmentation fault that terminates the engine. The CPE cpe:2.3:a:gen_digital:avira_antivirus:*:*:*:*:*:*:*:* confirms the affected vendor and product span all variants of Avira Antivirus under Gen Digital's ownership across all three major operating systems, despite the trigger being a Windows PE file format - meaning cross-platform engine code shares the vulnerable parser.
Remediation (AI)
Update the Avira Antivirus engine to build 8.3.70.64 or later, as confirmed by the vendor description. For enterprise deployments managed through Gen Digital's management console, push an engine update to all endpoints. For consumer installations, ensure auto-update is enabled so the engine updates automatically. If an immediate engine update is not possible, a compensating control is to configure email gateways and web proxies to block or quarantine PE files before they reach endpoints, reducing the attack surface; note this does not eliminate risk from files introduced via USB or other local vectors. Consult https://www.gendigital.com/us/en/contact-us/security-advisories/ for the official advisory and update guidance.
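The gateway compensating control described above, as an added example that is not part of the advisory or of any vendor tooling: a Python sketch that decides by file content rather than by extension, and holds anything carrying the MZ magic even when the rest of the header is invalid, since the trigger here is a malformed PE. The function names, verdict strings and sample files are constructed for illustration.

```python
import struct

# Verdict strings are assumptions of this example, not a product's API.
ALLOW, QUARANTINE = "allow", "quarantine"


def classify(data: bytes) -> tuple[str, str]:
    """Return (verdict, reason) for one file body seen at a mail or web gateway."""
    # DOS header magic. Every file that claims to be a PE is held, valid or not:
    # a filter that only matches well-formed PEs would pass the malformed ones.
    if data[:2] != b"MZ":
        return ALLOW, "no MZ magic"
    if len(data) < 0x40:
        return QUARANTINE, "MZ magic, truncated DOS header"
    # e_lfanew: little-endian file offset of the PE signature, stored at 0x3C.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return QUARANTINE, "MZ magic, e_lfanew points past end of file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return QUARANTINE, "MZ magic, PE signature missing"
    return QUARANTINE, "well-formed PE signature"


def _dos_header(e_lfanew: int) -> bytes:
    """Build a 64-byte DOS header whose only meaningful fields are MZ and e_lfanew."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)


# Constructed sample bodies; the names are only labels and are never consulted.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n",
    "tool.exe": _dos_header(0x40) + b"PE\0\0" + b"\0" * 20,
    "invoice.txt": _dos_header(0x40) + b"XX\0\0",  # PE-like body, harmless name
    "cut.bin": b"MZ\x90\x00",
    "far.bin": _dos_header(0xFFFFFFF0),
}


def scan(samples: dict[str, bytes]) -> dict[str, tuple[str, str]]:
    """Classify every sample by content only."""
    return {name: classify(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, (verdict, reason) in scan(SAMPLES).items():
        print(f"{name:12} {verdict:10} {reason}")
```

The sketch inspects only the top-level file body; PE files nested inside archives or other containers are not examined.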
EUVD-2025-210132
GHSA-6x27-frwr-pw8h