CVE-2025-7019— Gen Digital Avast Antivirus 缓冲区错误漏洞
Possible ATT&CK Techniques 2AI
T1203 · Exploitation for Client Execution T1499 · Endpoint Denial of ServiceAffected Version Matrix 5
| ベンダー | プロダクト | Version Range | ステータス |
|---|---|---|---|
| Gen Digital | Avast Antivirus | < 25020100 | affected |
| Gen Digital | Avast Business Antivirus | < 25020100 | affected |
| Gen Digital | Avast One | < 25020100 | affected |
| Gen Digital | AVG Antivirus | < 25020100 | affected |
| Gen Digital | Norton Antivirus | < 25020100 | affected |
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-7019の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Avast antivirus stack overflow when scanning a malformed Office Open XML file
ソース: NVD (National Vulnerability Database)
脆弱性説明
Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25020100. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
栈缓冲区溢出
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Gen Digital Avast Antivirus 缓冲区错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Gen Digital Avast Antivirus是美国Gen Digital公司的一个防病毒与网络安全软件。 Gen Digital Avast Antivirus存在缓冲区错误漏洞,该漏洞源于扫描恶意Office Open XML文件时存在栈缓冲区溢出,可能导致防病毒进程拒绝服务。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Gen Digital | Avast Antivirus | 0 ~ 25020100 | - | |
| Gen Digital | AVG Antivirus | 0 ~ 25020100 | - | |
| Gen Digital | Norton Antivirus | 0 ~ 25020100 | - | |
| Gen Digital | Avast One | 0 ~ 25020100 | - | |
| Gen Digital | Avast Business Antivirus | 0 ~ 25020100 | - |
II. CVE-2025-7019の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-7019のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Gen Digital · 2026-06-12 · 17 CVEs total
| CVE-2026-6676 | 7.8 HIGH | Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive |
| CVE-2025-7003 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1) |
| CVE-2025-7002 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2) |
| CVE-2025-7008 | 7.8 HIGH | Avast antivirus heap buffer OOB read when scanning a malformed PE file |
| CVE-2025-7009 | 7.8 HIGH | Avast antivirus heap buffer OOB read when scanning a malformed PE file |
| CVE-2025-7017 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file |
| CVE-2025-7004 | 7.8 HIGH | Avast antivirus heap buffer OOB write when scanning a malformed PE file |
| CVE-2025-7011 | 7.8 HIGH | Avast antivirus heap OOB when scanning a malformed zip file |
| CVE-2025-9032 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PE file |
| CVE-2025-9033 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 3) |
| CVE-2025-14098 | 7.8 HIGH | Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable f |
| CVE-2026-12068 | 7.4 HIGH | Avira Password Manager credential disclosure via cross-origin autofill in Firefox |
| CVE-2025-7006 | 5.5 MEDIUM | Avast antivirus use of stack memory after free when scanning a malformed PE file |
| CVE-2025-7010 | 5.5 MEDIUM | Avast antivirus stack overflow when scanning a malformed PDF file |
| CVE-2025-7005 | 5.5 MEDIUM | Avast antivirus infinite recursion when scanning a malformed PE file |
| CVE-2025-7018 | 5.5 MEDIUM | Avira antivirus engine null pointer dereference when scanning a malformed PE file |
IV. 関連脆弱性
同じ製品: Avast Antivirus
- CVE-2025-7011
Avast antivirus heap OOB when scanning a malformed zip file - CVE-2025-7010
Avast antivirus stack overflow when scanning a malformed PDF - CVE-2025-7009
Avast antivirus heap buffer OOB read when scanning a malform - CVE-2025-7008
Avast antivirus heap buffer OOB read when scanning a malform - CVE-2025-7006
Avast antivirus use of stack memory after free when scanning
同じベンダー: Gen Digital
- CVE-2026-12068
Avira Password Manager credential disclosure via cross-origi - CVE-2026-6676
Avira antivirus engine heap buffer OOB write when scanning a - CVE-2025-14098
Avira antivirus engine heap buffer OOB write when scanning a - CVE-2025-9033
Avira antivirus engine heap buffer OOB read when scanning a - CVE-2025-9032
Avira antivirus engine heap buffer OOB read when scanning a
同じ弱点: CWE-121
- CVE-2026-10829
NPort W2150A-W4/W2250A-W4远程代码执行漏洞 - CVE-2026-7273
Zyxel GS1900-48HPv2固件堆栈溢出致命令执行 - CVE-2026-12222
Yealink SIP-T46U Web FastCGI Service bttest mod_webd.BlueToo - CVE-2026-12221
Yealink SIP-T46U Firmware Chunk Upload upgrade sprintf stack - CVE-2026-12220
Yealink SIP-T46U Firmware Chunk Upload handler accupgradebyc
V. CVE-2025-7019へのコメント
まだコメントはありません