Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-7018
PUBLISHED
More InfoOfficial Page
Assigner-GEN
Assigner Org ID-dbd8429d-f261-4b1e-94cc-ae3132817e2e
View Known Exploited Vulnerability (KEV) details
Published At-12 Jun, 2026 | 22:13
Updated At-12 Jun, 2026 | 22:13
Rejected At-
▼CVE Numbering Authority (CNA)
Avira antivirus engine null pointer dereference when scanning a malformed PE file

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.

Affected Products
Vendor
Gen Digital
Product
Avira Antivirus
Platforms
  • Windows
  • macOS
  • Linux
Default Status
affected
Versions
Affected
  • From 0 before 8.3.70.64 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476 NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-125CAPEC-125 Denial of Service
CAPEC ID: CAPEC-125
Description: CAPEC-125 Denial of Service
Solutions

Upgrade to Avira scan engine build 8.3.70.64 or any later engine release. Builds at or above 8.3.70.64 include the fix.

Configurations
Workarounds
Exploits
Credits
reporter
Mike Zhang, an independent security researcher
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.gendigital.com/us/en/contact-us/security-advisories/
N/A
Hyperlink: https://www.gendigital.com/us/en/contact-us/security-advisories/
Resource: N/A
Details not found