CVE-2025-7005— Avast 反病毒软件扫描畸形 PE 文件时无限递归漏洞
Possible ATT&CK Techniques 1AI
T1496 · Resource HijackingAffected Version Matrix 5
| ベンダー | プロダクト | Version Range | ステータス |
|---|---|---|---|
| Gen Digital | Avast Antivirus | < 25031700 | affected |
| Gen Digital | Avast Business Antivirus | < 25031700 | affected |
| Gen Digital | Avast One | < 25031700 | affected |
| Gen Digital | AVG Antivirus | < 25031700 | affected |
| Gen Digital | Norton Antivirus | < 25031700 | affected |
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-7005の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Avast antivirus infinite recursion when scanning a malformed PE file
ソース: NVD (National Vulnerability Database)
脆弱性説明
Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25031700. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
未经控制的递归
ソース: NVD (National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Gen Digital | Avast Antivirus | 0 ~ 25031700 | - | |
| Gen Digital | AVG Antivirus | 0 ~ 25031700 | - | |
| Gen Digital | Norton Antivirus | 0 ~ 25031700 | - | |
| Gen Digital | Avast One | 0 ~ 25031700 | - | |
| Gen Digital | Avast Business Antivirus | 0 ~ 25031700 | - |
II. CVE-2025-7005の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-7005のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Gen Digital · 2026-06-12 · 17 CVEs total
| CVE-2026-6676 | 7.8 HIGH | Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive |
| CVE-2025-7003 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1) |
| CVE-2025-7002 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2) |
| CVE-2025-7008 | 7.8 HIGH | Avast antivirus heap buffer OOB read when scanning a malformed PE file |
| CVE-2025-7009 | 7.8 HIGH | Avast antivirus heap buffer OOB read when scanning a malformed PE file |
| CVE-2025-7017 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file |
| CVE-2025-7004 | 7.8 HIGH | Avast antivirus heap buffer OOB write when scanning a malformed PE file |
| CVE-2025-7011 | 7.8 HIGH | Avast antivirus heap OOB when scanning a malformed zip file |
| CVE-2025-9032 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PE file |
| CVE-2025-9033 | 7.8 HIGH | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 3) |
| CVE-2025-14098 | 7.8 HIGH | Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable f |
| CVE-2026-12068 | 7.4 HIGH | Avira Password Manager credential disclosure via cross-origin autofill in Firefox |
| CVE-2025-7006 | 5.5 MEDIUM | Avast antivirus use of stack memory after free when scanning a malformed PE file |
| CVE-2025-7010 | 5.5 MEDIUM | Avast antivirus stack overflow when scanning a malformed PDF file |
| CVE-2025-7018 | 5.5 MEDIUM | Avira antivirus engine null pointer dereference when scanning a malformed PE file |
| CVE-2025-7019 | 5.5 MEDIUM | Avast antivirus stack overflow when scanning a malformed Office Open XML file |
IV. 関連脆弱性
同じ製品: Avast Antivirus
- CVE-2025-7019
Avast antivirus stack overflow when scanning a malformed Off - CVE-2025-7011
Avast antivirus heap OOB when scanning a malformed zip file - CVE-2025-7010
Avast antivirus stack overflow when scanning a malformed PDF - CVE-2025-7009
Avast antivirus heap buffer OOB read when scanning a malform - CVE-2025-7008
Avast antivirus heap buffer OOB read when scanning a malform
同じベンダー: Gen Digital
- CVE-2026-12068
Avira Password Manager credential disclosure via cross-origi - CVE-2026-6676
Avira antivirus engine heap buffer OOB write when scanning a - CVE-2025-14098
Avira antivirus engine heap buffer OOB write when scanning a - CVE-2025-9033
Avira antivirus engine heap buffer OOB read when scanning a - CVE-2025-9032
Avira antivirus engine heap buffer OOB read when scanning a
同じ弱点: CWE-674
- CVE-2025-7010
Avast antivirus stack overflow when scanning a malformed PDF - CVE-2026-48734
ImageMagick: Stack Overflow in MVG decoder - CVE-2026-46557
ImageMagick: Stack overflow in fx operation - CVE-2026-9740
Unbounded recursion in BSONColumn interleaved-reference caus - CVE-2026-46373
SQLFluff: Recursive Stack Overflow in Parser
V. CVE-2025-7005へのコメント
まだコメントはありません