CVE-2025-7006— Avast antivirus use of stack memory after free when scanning a malformed PE file
Possible ATT&CK Techniques 1AI
T1499 · Endpoint Denial of ServiceAffected Version Matrix 5
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Gen Digital | Avast Antivirus | < 25022500 | affected |
| Gen Digital | Avast Business Antivirus | < 25022500 | affected |
| Gen Digital | Avast One | < 25022500 | affected |
| Gen Digital | AVG Antivirus | < 25022500 | affected |
| Gen Digital | Norton Antivirus | < 25022500 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-7006
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Avast antivirus use of stack memory after free when scanning a malformed PE file
Source: NVD (National Vulnerability Database)
Vulnerability Description
Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25022500. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放并不在堆上的内存
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gen Digital Avast Antivirus 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gen Digital Avast Antivirus是美国Gen Digital公司的一个防病毒与网络安全软件。 Gen Digital Avast Antivirus存在资源管理错误漏洞,该漏洞源于栈内存释放后重用,可能导致扫描畸形Windows PE文件时防病毒进程拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Gen Digital | Avast Antivirus | 0 ~ 25022500 | - | |
| Gen Digital | AVG Antivirus | 0 ~ 25022500 | - | |
| Gen Digital | Norton Antivirus | 0 ~ 25022500 | - | |
| Gen Digital | Avast One | 0 ~ 25022500 | - | |
| Gen Digital | Avast Business Antivirus | 0 ~ 25022500 | - |
II. Public POCs for CVE-2025-7006
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-7006
请登录查看更多情报信息。
Same Patch Batch · Gen Digital · 2026-06-12 · 17 CVEs total
| CVE-2026-6676 | 7.8 HIGH | Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive |
| CVE-2025-7003 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1) |
| CVE-2025-7002 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2) |
| CVE-2025-7008 | 7.8 HIGH | Avast antivirus heap buffer OOB read when scanning a malformed PE file |
| CVE-2025-7009 | 7.8 HIGH | Avast antivirus heap buffer OOB read when scanning a malformed PE file |
| CVE-2025-7017 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file |
| CVE-2025-7004 | 7.8 HIGH | Avast antivirus heap buffer OOB write when scanning a malformed PE file |
| CVE-2025-7011 | 7.8 HIGH | Avast antivirus heap OOB when scanning a malformed zip file |
| CVE-2025-9032 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PE file |
| CVE-2025-9033 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 3) |
| CVE-2025-14098 | 7.8 HIGH | Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable f |
| CVE-2026-12068 | 7.4 HIGH | Avira Password Manager credential disclosure via cross-origin autofill in Firefox |
| CVE-2025-7010 | 5.5 MEDIUM | Avast antivirus stack overflow when scanning a malformed PDF file |
| CVE-2025-7005 | 5.5 MEDIUM | Avast antivirus infinite recursion when scanning a malformed PE file |
| CVE-2025-7018 | 5.5 MEDIUM | Avira antivirus engine null pointer dereference when scanning a malformed PE file |
| CVE-2025-7019 | 5.5 MEDIUM | Avast antivirus stack overflow when scanning a malformed Office Open XML file |
IV. Related Vulnerabilities
Same product: Avast Antivirus
- CVE-2025-71326
AVAST Antivirus 25.11 Unquoted Service Path Privilege Escala - CVE-2025-7019
Avast antivirus stack overflow when scanning a malformed Off - CVE-2025-7011
Avast antivirus heap OOB when scanning a malformed zip file - CVE-2025-7010
Avast antivirus stack overflow when scanning a malformed PDF - CVE-2025-7009
Avast antivirus heap buffer OOB read when scanning a malform
Same vendor: Gen Digital
- CVE-2026-12068
Avira Password Manager credential disclosure via cross-origi - CVE-2026-6676
Avira antivirus engine heap buffer OOB write when scanning a - CVE-2025-14098
Avira antivirus engine heap buffer OOB write when scanning a - CVE-2025-9033
Avira antivirus engine heap buffer OOB read when scanning a - CVE-2025-9032
Avira antivirus engine heap buffer OOB read when scanning a
Same weakness: CWE-590
- CVE-2026-47328
Invalid pointer deallocation in Ubuntu Linux AppArmor notifi - CVE-2026-20810
Windows Ancillary Function Driver for WinSock Elevation of P - CVE-2025-54899
Microsoft Excel Remote Code Execution Vulnerability - CVE-2025-42996
Multiple vulnerabilities in SAP MDM Server - CVE-2025-42995
Multiple vulnerabilities in SAP MDM Server
V. Comments for CVE-2025-7006
No comments yet