Upxproject Upx
By the Year
In 2022 there have been 0 vulnerabilities in Upxproject Upx. Last year Upx had 4 security vulnerabilities published. Right now, Upx is on track to have fewer security vulnerabilities in 2022 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 0 | 0.00 |
2021 | 4 | 6.75 |
2020 | 0 | 0.00 |
2019 | 5 | 5.96 |
2018 | 1 | 7.80 |
It may take a day or so for new Upx vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Upxproject Upx Security Vulnerabilities
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0
CVE-2021-30501
5.5 - Medium
- May 27, 2021
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.
Improper Input Validation
Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0
CVE-2021-30500
7.8 - High
- May 27, 2021
Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0. That allows attackers to execute arbitrary code and cause a denial of service via a crafted file.
NULL Pointer Dereference
A heap buffer overflow read was discovered in upx 4.0.0
CVE-2020-24119
7.1 - High
- May 14, 2021
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
Out-of-bounds Read
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96
CVE-2021-20285
6.6 - Medium
- March 26, 2021
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.
Buffer Overflow
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95
CVE-2019-20051
5.5 - Medium
- December 27, 2019
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.
Incorrect Calculation
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95
CVE-2019-20053
5.5 - Medium
- December 27, 2019
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Buffer Overflow
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95
CVE-2019-20021
5.5 - Medium
- December 27, 2019
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Out-of-bounds Read
An integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95
CVE-2019-14295
5.5 - Medium
- July 27, 2019
An integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.
Integer Overflow or Wraparound
canUnpack in p_vmlinx.cpp in UPX 3.95
CVE-2019-14296
7.8 - High
- July 27, 2019
canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.
Buffer Overflow
PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95
CVE-2018-11243
7.8 - High
- May 18, 2018
PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.
Double-free
