← back
CVE-2024-9481

Out of Bounds write on scan of malformed eml file may crash the application

CVSS 5.1 MEDIUMEPSS 0.1%CWE-787
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Oct 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
AVG/Avast · Antivirus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.norton.com/sp/static/external/tools/security-advisories.html