SUSE CVE-2025-2849

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::unDTINIT of the file src/plxelf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...

CVE-2021-46179

Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to the generic pointer 'p' points to an inaccessible address in the getle32 function. The problem is essentially caused in PackLinuxElf32::elflookup at plxelf.cpp:5349. Remediation Upgrade upx to version...

DEBIAN-CVE-2021-43313

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invertptdynamic at plxelf.cpp:1688...

UBUNTU-CVE-2021-43311

A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func getle32. The problem is essentially caused in PackLinuxElf32::elflookup at plxelf.cpp:5382...

UBUNTU-CVE-2021-43316

A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func getle64...

SUSE CVE-2019-14295

An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

SUSE CVE-2020-27790

A floating point exception issue was discovered in UPX in PackLinuxElf64::invertptdynamic function of plxelf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability...

SUSE CVE-2021-20285

A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service SEGV or buffer overflow and application crash or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability...

DEBIAN-CVE-2020-27788

An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack function of plxelf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. An assertion abort was found in upx MemBuffer::alloc in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service abort via a crafted file. Remediation Upgrade upx to version 4.2.1 ...

DEBIAN-CVE-2020-24119

A heap buffer overflow read was discovered in upx 4.0.0, because the check in plxelf.cpp is not perfect...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read. A heap buffer overflow read was discovered in upx 4.0.0, because the check in plxelf.cpp is not perfect. Remediation Upgrade upx to version 4.2.1 or higher. References - GitHub Commit - GitHub Issue...

PT-2017-13841 · Upx Team +1 · Upx +1

Name of the Vulnerable Software and Affected Versions: UPX version 3.94 Description: The issue is related to the handling of ELF headers in the p lx elf.cpp file, which can be exploited by remote attackers using a crafted binary file. This exploitation can lead to a denial of service, causing the...