CVE-2025-7004

Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...

CVE-2025-7018

CVE-2025-7018 is a null pointer dereference in Avira Antivirus engine when scanning malformed Windows PE files, potentially causing Denial-of-Service of the antivirus engine process. Affected product: Avira Antivirus across Windows, macOS, and Linux, with vulnerable engine builds prior to 8.3.70....

CVE-2025-7008 Avast antivirus heap buffer OOB read when scanning a malformed PE file

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast...

CVE-2025-7008

CVE-2025-7008 describes a heap buffer out-of-bounds read in Gen Digital antivirus engines ( Avast Antivirus, AVG, Norton, Avast One/Business) when scanning malformed Windows PE files containing .NET metadata. Root cause: heap OOB read in the scanning logic when processing such PE files; impact in...

CVE-2025-7005 Avast antivirus infinite recursion when scanning a malformed PE file

Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for vir...

CVE-2025-7005 Avast antivirus infinite recursion when scanning a malformed PE file

Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for vir...

PT-2026-49011

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25031700 AVG Antivirus versions prior to VPS 25031700 Norton Antivirus versions prior to VPS 25031700 Avast One versions prior to VPS 25031700 Avast Business Antivirus versions prior to VPS 25031700...

PT-2026-49012

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25022500 AVG Antivirus versions prior to VPS 25022500 Norton Antivirus versions prior to VPS 25022500 Avast One versions prior to VPS 25022500 Avast Business Antivirus versions prior to VPS 25022500...

CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

UBUNTU-CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

CVE-2026-39853

osslsigncode contains a stack buffer overflow in its signature verification paths (PE, MSI, CAB, script) when verifying PKCS#7 signatures. During digest copy from SpcIndirectDataContent into a fixed-size stack buffer (mdbuf[EVP_MAX_MD_SIZE], 64 bytes), the code does not validate the source length...

CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

SUSE CVE-2025-66863

An issue was discovered in function ddiscriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

SUSE CVE-2025-66866

An issue was discovered in function dabitags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

CVE-2025-66866

An issue was discovered in function dabitags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

CVE-2025-66861

An issue was discovered in function dunqualifiedname in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file...

CVE-2025-66861

An issue was discovered in function dunqualifiedname in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file...

CVE-2025-66863

An issue was discovered in function ddiscriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

UBUNTU-CVE-2025-66866

An issue was discovered in function dabitags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

PT-2025-53759

Name of the Vulnerable Software and Affected Versions BinUtils version 2.26 Description An issue exists in the d discriminator function within the cp-demangle.c file of BinUtils. This can lead to a denial of service when processing specially crafted PE files. Recommendations Update BinUtils to a...