UPX Project UPX (Ultimate Packer for eXecutables) 3.95

CPE Details

UPX Project UPX (Ultimate Packer for eXecutables) 3.95
upx_project
upx
3.95
2019-10-17
10h34 +00:00
2019-10-17
10h34 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:upx_project:upx:3.95:*:*:*:*:*:*:*

Informations

Vendor

upx_project

Product

upx

Version

3.95

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-46179 2023-08-21 22h00 +00:00 Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.
6.5
Medium
CVE-2021-43311 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.
7.5
High
CVE-2021-43312 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
7.5
High
CVE-2021-43313 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.
7.5
High
CVE-2021-43314 2023-03-24 00h00 +00:00 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368
7.5
High
CVE-2021-43315 2023-03-24 00h00 +00:00 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349
7.5
High
CVE-2021-43316 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().
7.5
High
CVE-2021-43317 2023-03-24 00h00 +00:00 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404
7.5
High
CVE-2023-23456 2023-01-11 23h00 +00:00 A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
5.5
Medium
CVE-2023-23457 2023-01-11 23h00 +00:00 A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
5.5
Medium
CVE-2020-27788 2022-08-18 17h05 +00:00 An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.
5.5
Medium
CVE-2020-27790 2022-08-18 16h57 +00:00 A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
5.5
Medium
CVE-2020-27787 2022-08-18 16h34 +00:00 A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
5.5
Medium
CVE-2019-20805 2020-06-01 11h50 +00:00 p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
5.5
Medium
CVE-2019-20053 2019-12-27 20h59 +00:00 An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
5.5
Medium
CVE-2019-20051 2019-12-27 20h59 +00:00 A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.
5.5
Medium
CVE-2019-20021 2019-12-27 00h11 +00:00 A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
5.5
Medium
CVE-2019-14296 2019-07-27 16h40 +00:00 canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.
7.8
High
CVE-2019-14295 2019-07-27 16h40 +00:00 An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.
5.5
Medium
CVE-2018-11243 2018-05-18 15h00 +00:00 PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.
7.8
High