iViZ Security

Security Advisories

AVG antivirus for Linux


AVG antivirus can be deterministically forced to crash (segmentation fault) when analyzing corrupted UPX files.

Affected Software

AVG for Linux version 7.5.51 (current), possibly others.


Remote DoS, possibly remote code execution.

Vendor Response



This vulnerability was discovered by Security Researcher Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.

Disclosure Timeline

First attempt to contact the vendor on September 18th 2008.
Received an automated reply on September 18th 2008.
No actual reponse from vendor in spite of our multiple emails.

Back to Security Advisories