PatchSiren cyber security CVE debrief
CVE-2025-14098 Gen Digital CVE debrief
A heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104.
- Vendor
- Gen Digital
- Product
- Avira Antivirus
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of Avira Antivirus on Windows, macOS, and Linux with engine builds before 8.3.70.104 should update to the latest version to mitigate this vulnerability.
Technical summary
The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. It is caused by an integer overflow in the Avira Antivirus engine when scanning a malformed MS-DOS executable file, leading to a heap buffer out-of-bounds write.
Defensive priority
High
Recommended defensive actions
- Update Avira Antivirus engine to version 8.3.70.104 or later.
Evidence notes
The CVE record was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2025-14098). The vulnerability details were obtained from [nvd](https://nvd.nist.gov/vuln/detail/CVE-2025-14098). Additional information can be found at [ref-4](https://www.gendigital.com/us/en/contact-us/security-advisories/).
Official resources
-
CVE-2025-14098 CVE record
CVE.org
-
CVE-2025-14098 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-14098 was published on 2026-06-12T23:16:27.350Z.