CVE-2025-7010
Received Received - Intake
Stack Overflow in Avast Antivirus via Malformed PDF

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: NortonLifeLock Inc.

Description
Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021208. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-12
Last Modified
2026-06-12
Generated
2026-06-13
AI Q&A
2026-06-13
EPSS Evaluated
N/A
NVD
CVE-2025-7010
EUVD
EUVD-2025-210129
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
avast avast_antivirus to 25021208 (exc)
avg avg_antivirus to 25021208 (exc)
norton_lifelock norton_antivirus to 25021208 (exc)
avast avast_one to 25021208 (exc)
avast avast_business_antivirus to 25021208 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-674 The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack overflow caused by uncontrolled recursion in Avast Antivirus products when scanning a malformed PDF file.

It affects multiple antivirus products including Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux platforms.

The issue arises from the scanning logic delivered via a shared virus definition update stream, which if below a certain build version, allows the vulnerability to be triggered.

Impact Analysis

This vulnerability may allow an attacker to cause a Denial-of-Service (DoS) condition by crashing the antivirus process when it scans a specially crafted malformed PDF file.

The impact is limited to availability, as the CVSS score indicates no confidentiality or integrity loss, but the antivirus service could be disrupted.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, or Avast Business Antivirus installations are updated to virus definition builds at or above VPS 25021208. The vulnerability is fixed in these builds and later versions.

Since the affected scanning logic is delivered through a shared Gen Digital virus definition update stream, keeping your antivirus product updated via this channel will protect against this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7010. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart