apk package
wolfi/upx
pkg:apk/wolfi/upx
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-2849 | — | < 5.0.1-r0 | 5.0.1-r0 | Mar 27, 2025 | A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The e | ||
| CVE-2023-23457 | — | < 0 | 0 | Jan 12, 2023 | A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. | ||
| CVE-2023-23456 | — | < 5.0.0-r0 | 5.0.0-r0 | Jan 12, 2023 | A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. |
- CVE-2025-2849Mar 27, 2025affected < 5.0.1-r0fixed 5.0.1-r0
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The e
- CVE-2023-23457Jan 12, 2023affected < 0fixed 0
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
- CVE-2023-23456Jan 12, 2023affected < 5.0.0-r0fixed 5.0.0-r0
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.