UBUNTU-CVE-2021-30501

An assertion abort was found in upx MemBuffer::alloc in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service abort via a crafted file...

Fedora: Security Advisory for upx (FEDORA-2021-737766a313)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for upx (FEDORA-2021-ceb9db8de0)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

UPX 缓冲区错误漏洞

UPX is an open source executable file packaging program that supports a variety of file formats from different operating systems. A heap buffer overflow vulnerability exists in UPX version 4.0.0. The vulnerability stems from an imperfect check in plxelf.cpp. No detailed vulnerability details are...

UBUNTU-CVE-2021-20285

A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service SEGV or buffer overflow and application crash or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability...

Fedora: Security Advisory for upx (FEDORA-2021-dff7e97510)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: upx-3.96-8.fc34

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

[SECURITY] Fedora 32 Update: upx-3.96-8.fc32

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

[SECURITY] Fedora 33 Update: upx-3.96-8.fc33

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

Fedora 缓冲区错误漏洞

UPX is an open source executable file packaging program that supports a variety of file formats from different operating systems. A denial of service vulnerability exists in canPack in plxelf.cpp in UPX version 3.96. An attacker can exploit this vulnerability to cause the application to crash via...

PE-Packer - A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly

PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry...

SolarWinds Malware Arsenal Widens with Raindrop

An additional piece of malware, dubbed Raindrop, has been unmasked in the sprawling SolarWinds supply-chain attacks. It was used in targeted attacks after the effort’s initial mass Sunburst compromise, researchers said. The SolarWinds espionage attack, which has affected several U.S. government...

Debian DLA-2455-1 : packer security update

golang-go.crypto was recently updated with a fix for CVE-2020-9283. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix. CVE-2020-9283 SSH signature verification could cause Panic when given invalid Public key. For Debian 9 stretch,...

DLA-2455-1 packer - security update

Bulletin has no description...

Debian: Security Advisory (DLA-2455-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2455-1] packer security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2455-1 [email protected] https://www.debian.org/lts/security/ Brian May November 19, 2020 https://wiki.debian.org/LTS -...

RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims

Researchers with White Ops have uncovered a scam to deliver millions of out-of-context OOC ads through a group of more than 240 Android applications on the official Google Play store, which the team said were collectively delivering more than 15 million impressions per day at their peak. The apps...

PT-2022-8875 · Upx +2 · Upx +2

Name of the Vulnerable Software and Affected Versions: UPX version 4.0.0 Description: A heap-based buffer over-read was discovered in the get le64 function in bele.h via a crafted Mach-O file. Recommendations: For UPX version 4.0.0, at the moment, there is no information about a newer version tha...

PT-2022-8863 · Upx +1 · Upx +1

Name of the Vulnerable Software and Affected Versions: UPX affected versions not specified Description: An out-of-bounds read access issue was discovered in the PackLinuxElf64::canPack function of the p lx elf.cpp file. This could be triggered by an attacker using a crafted input file, potentiall...

PT-2022-8865 · Upx +1 · Upx +1

Name of the Vulnerable Software and Affected Versions: UPX affected versions not specified Description: A floating point exception issue was discovered in the PackLinuxElf64::invert pt dynamic function of the p lx elf.cpp file. An attacker with a crafted input file could trigger this issue, causi...