CVE-2020-27799

A heap-based buffer over-read was discovered in the accuagetbe32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file...

CVE-2020-27790

A floating point exception issue was discovered in UPX in PackLinuxElf64::invertptdynamic function of plxelf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability...

CVE-2020-27801

A heap-based buffer over-read was discovered in the getle64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file...

CVE-2020-27802

An floating point exception was discovered in the elflookup function in plxelf.cpp in UPX 4.0.0 via a crafted Mach-O file...

CVE-2025-2849 vulnerabilities

Vulnerabilities for packages: upx...

GHSA-JRX7-5CR9-C5V4 vulnerabilities

Vulnerabilities for packages: upx...

CVE-2025-2849 vulnerabilities

Vulnerabilities for packages: upx...

GHSA-JRX7-5CR9-C5V4 vulnerabilities

Vulnerabilities for packages: upx...

[SECURITY] Fedora 42 Update: upx-5.0.0-1.fc42

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

Fedora: Security Advisory (FEDORA-2025-3f77ed652b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 41 Update: upx-5.0.0-1.fc41

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

[SECURITY] Fedora 40 Update: upx-5.0.0-1.fc40

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

Fedora 41 : upx (2025-c91006eca6)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c91006eca6 advisory. 5.0.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these...

Fedora 40 : upx (2025-3f77ed652b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-3f77ed652b advisory. 5.0.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these...

MGASA-2025-0122 Updated upx packages fix security vulnerability

UPX plxelf.cpp unDTINIT heap-based overflow. CVE-2025-2849...

Updated upx packages fix security vulnerability

UPX plxelf.cpp unDTINIT heap-based overflow. CVE-2025-2849...

upx-5.0.0-2.1 on GA media (moderate)

upx-5.0.0-2.1 on GA media Announcement ID: openSUSE-SU-2025:14947-1 Rating: moderate Cross-References: CVE-2025-2849 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the upx-5.0.0-2.1 package o...

OPENSUSE-SU-2025:14947-1 upx-5.0.0-2.1 on GA media

These are all security issues fixed in the upx-5.0.0-2.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2025-2849

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::unDTINIT of the file src/plxelf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...

CVE-2025-2849

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::unDTINIT of the file src/plxelf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...