CVE-2025-7010
Description
Stack overflow via uncontrolled recursion in Avast Antivirus PDF scanning leads to denial-of-service of the antivirus process in multiple Gen Digital products.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A stack overflow vulnerability exists due to uncontrolled recursion in the scanning logic of Avast Antivirus when processing a specially crafted malformed PDF file. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream, impacting Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux. Virus definition builds before VPS 25021208 are vulnerable [1].
Exploitation
An attacker can deliver a malformed PDF file to a target system via email, web download, or other means. The vulnerability is triggered when the antivirus software scans the file, either automatically or upon user interaction (e.g., opening or downloading the file). No authentication or special privileges are required, and the attack is conducted remotely with no race window needed.
Impact
Successful exploitation causes the antivirus process to crash due to a stack overflow, resulting in a denial-of-service condition. The antivirus protection is temporarily disabled until the process is restarted, potentially exposing the system to further threats. No data confidentiality or integrity is compromised.
Mitigation
The vulnerability is fixed in virus definition build VPS 25021208. Users should ensure their antivirus software is updated to at least this build via the standard Gen Digital update channel. The mitigation is available for all affected products: Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus. No workarounds exist for builds below the fixed version [1].
AI Insight generated on Jun 12, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <VPS 25021208
- Range: <VPS 25021208
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.