Upx Upxproject Upx


By the Year

In 2021 there have been 4 vulnerabilities in Upxproject Upx with an average score of 6.8 out of ten. Upx did not have any published security vulnerabilities last year. That is, 4 more vulnerabilities have already been reported in 2021 as compared to last year.

Year    Vulnerabilities    Average Score
2021    4                  6.75
2020    0                  0.00
2019    5                  5.96
2018    1                  7.80

It may take a day or so for new Upx vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Upxproject Upx Security Vulnerabilities

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0

CVE-2021-30501 5.5 - Medium - May 27, 2021

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.

Improper Input Validation

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0

CVE-2021-30500 7.8 - High - May 27, 2021

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0. That allows attackers to execute arbitrary code and cause a denial of service via a crafted file.

NULL Pointer Dereference

A heap buffer overflow read was discovered in upx 4.0.0

CVE-2020-24119 7.1 - High - May 14, 2021

A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.

Out-of-bounds Read

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96

CVE-2021-20285 6.6 - Medium - March 26, 2021

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.

Buffer Overflow

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95

CVE-2019-20051 5.5 - Medium - December 27, 2019

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.

Incorrect Calculation

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95

CVE-2019-20053 5.5 - Medium - December 27, 2019

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

Improper Input Validation

A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95

CVE-2019-20021 5.5 - Medium - December 27, 2019

A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

Out-of-bounds Read

An integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95

CVE-2019-14295 5.5 - Medium - July 27, 2019

An integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.

Integer Overflow or Wraparound

canUnpack in p_vmlinx.cpp in UPX 3.95

CVE-2019-14296 7.8 - High - July 27, 2019

canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.

Buffer Overflow

PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95

CVE-2018-11243 7.8 - High - May 18, 2018

PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.

Double-free
