Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the PackLinuxElf64::unDTINIT function in plxelf.cpp. An attacker can trigger a segfault with malicious input. Remediation A fix was pushed into the master branch but not yet published. References - GitHub...

SUSE CVE-2021-43312

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invertptdynamic at plxelf.cpp:5239...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to the generic pointer p pointing to an inaccessible address in the getle32. The problem is essentially caused in PackLinuxElf32::elflookup at plxelf.cpp:5368. Remediation Upgrade upx to version 4.2.1 or...

DEBIAN-CVE-2021-43312

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invertptdynamic at plxelf.cpp:5239...

UPX 缓冲区错误漏洞

UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX, which stems from an issue in the function PackLinuxElf32::elflookup in plxelf.cpp:5382 that causes the generic pointer p to point to an inaccessible address in func getle32...

UPX 缓冲区错误漏洞

UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX, which stems from function PackLinuxElf64::invertptdynamic in plxelf.cpp:5239 that causes the "bucket" variable to point to an inaccessible address...

SUSE CVE-2019-20051

A floating-point exception was discovered in PackLinuxElf::elfhash in plxelf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service...

SUSE CVE-2020-27790

A floating point exception issue was discovered in UPX in PackLinuxElf64::invertptdynamic function of plxelf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a segmentation fault, via the PackLinuxElf64::invertptdynamic function in the plxelf.cpp file. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its...

DEBIAN-CVE-2020-27788

An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack function of plxelf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service...

UBUNTU-CVE-2020-27790

A floating point exception issue was discovered in UPX in PackLinuxElf64::invertptdynamic function of plxelf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability...

PT-2022-8863 · Upx +1 · Upx +1

Name of the Vulnerable Software and Affected Versions: UPX affected versions not specified Description: An out-of-bounds read access issue was discovered in the PackLinuxElf64::canPack function of the p lx elf.cpp file. This could be triggered by an attacker using a crafted input file, potentiall...