Upx

upx

Vendor: Upx • 35 CVEs

CVEs (35)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-2849 1Upx 1Upx Apr 11, 2025 Mar 27, 2025 4.8 MEDIUM· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow....Show more A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.Show less
CVE-2024-3209 2Fedoraproject Upx 2Fedora Upx Apr 25, 2025 Apr 2, 2024 N/A· v4 9.8 CRITICAL· v3 5.2 MEDIUM· v2 A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclos...Show more A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2021-46179 1Upx 1Upx Apr 11, 2025 Aug 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.
CVE-2021-43317 1Upx 1Upx Apr 11, 2025 Mar 24, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:...Show more A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404Show less
CVE-2021-43316 1Upx 1Upx Apr 11, 2025 Mar 24, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().
CVE-2021-43315 1Upx 1Upx Apr 11, 2025 Mar 24, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:...Show more A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349Show less
CVE-2021-43314 1Upx 1Upx Apr 11, 2025 Mar 24, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:...Show more A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368Show less
CVE-2021-43313 1Upx 1Upx Apr 11, 2025 Mar 24, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.
CVE-2021-43312 1Upx 1Upx Apr 11, 2025 Mar 24, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
CVE-2021-43311 1Upx 1Upx Apr 11, 2025 Mar 24, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5...Show more A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.Show less
CVE-2023-23457 2Fedoraproject Upx 2Fedora Upx Apr 11, 2025 Jan 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVE-2023-23456 2Fedoraproject Upx 2Fedora Upx Apr 11, 2025 Jan 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
CVE-2020-27802 1Upx 1Upx Apr 11, 2025 Aug 25, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27801 1Upx 1Upx Apr 11, 2025 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27800 1Upx 1Upx Apr 11, 2025 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27799 1Upx 1Upx Apr 11, 2025 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27798 1Upx 1Upx Apr 11, 2025 Aug 25, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27797 1Upx 1Upx Apr 11, 2025 Aug 25, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27796 1Upx 1Upx Apr 11, 2025 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27788 1Upx 1Upx Apr 11, 2025 Aug 18, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading...Show more An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.Show less

12 Next