CVE-2024-9482
CVE-2024-9482 is a medium-severity vulnerability in Avast Antivirus with a CVSS 3.x base score of 5.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-787.
Key facts
- Severity: Medium (CVSS 3.x base score 5.1)
- EPSS exploit prediction: 0% (3rd percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-49970
- Weakness: CWE-787
- Affected product: Avast Antivirus
- Published:
- Last modified:
Description
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing.
Frequently asked questions
- What is CVE-2024-9482?
- An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing.
- How severe is CVE-2024-9482?
- CVE-2024-9482 has a CVSS 3.x base score of 5.1, rated medium severity. It is exploitable over local access with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2024-9482 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (3rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2024-9482?
- CVE-2024-9482 primarily affects Avast Antivirus. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2024-9482?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2024-9482 have an EU (EUVD) identifier?
- Yes. CVE-2024-9482 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-49970.
- When was CVE-2024-9482 published?
- CVE-2024-9482 was published on 2024-10-04 and last updated on 2026-06-17.
References
Affected products (2)
- cpe:2.3:a:avast:antivirus:*:*:*:*:*:macos:*:*
- cpe:2.3:a:avg:antivirus:*:*:*:*:*:macos:*:*
More vulnerabilities in Avast Antivirus
- CVE-2025-13032 — Critical (CVSS 9.9): Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate…
- CVE-2020-10867 — Critical (CVSS 9.8): An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast…
- CVE-2017-8307 — Critical (CVSS 9.8): In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible…
- CVE-2025-3500 — Critical (CVSS 9.0): Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege…
- CVE-2021-45337 — High (CVSS 8.8): Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with…
- CVE-2021-45336 — High (CVSS 8.8): Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed…
All CVEs affecting Avast Antivirus →
Other CWE-787 (Out-of-bounds Write) vulnerabilities
- CVE-2026-42369 — Critical (CVSS 10.0): GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other…
- CVE-2026-4746 — Critical (CVSS 10.0): Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vulnerability is…
- CVE-2025-43300 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS…
- CVE-2025-24201 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in…
- CVE-2024-42479 — Critical (CVSS 10.0): llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause…
- CVE-2024-39791 — Critical (CVSS 10.0): Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge…