VYPR

rpm package

opensuse/upx&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/upx&distro=openSUSE%20Tumbleweed

Vulnerabilities (8)

  • CVE-2025-2849 | Mar 27, 2025
    affected < 5.0.0-2.1 | fixed 5.0.0-2.1

    A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The e

  • CVE-2023-23457 | Jan 12, 2023
    affected < 4.0.1-2.1 | fixed 4.0.1-2.1

    A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.

  • CVE-2020-24119 | May 14, 2021
    affected < 3.96-3.2 | fixed 3.96-3.2

    A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.

  • CVE-2019-20053 | Dec 27, 2019
    affected < 3.96-3.2 | fixed 3.96-3.2

    An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

  • CVE-2019-20021 | Dec 27, 2019
    affected < 3.96-3.2 | fixed 3.96-3.2

    A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

  • CVE-2019-14296 | Jul 27, 2019
    affected < 3.96-3.2 | fixed 3.96-3.2

    canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.

  • CVE-2018-11243 | High | May 18, 2018
    affected < 3.96-3.2 | fixed 3.96-3.2

    PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.

  • CVE-2017-16869 | High | Nov 17, 2017
    affected < 3.96-3.2 | fixed 3.96-3.2

    p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no securit