Upxproject Upx

Do you want an email whenever new security vulnerabilities are reported in Upxproject Upx?

By the Year

In 2021 there have been 4 vulnerabilities in Upxproject Upx with an average score of 6.8 out of ten. Upx did not have any published security vulnerabilities last year. That is, 4 more vulnerabilities have already been reported in 2021 as compared to last year.

Year	Vulnerabilities	Average Score
2021	4	6.75
2020	0	0.00
2019	5	5.96
2018	1	7.80

It may take a day or so for new Upx vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Upxproject Upx Security Vulnerabilities

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0

CVE-2021-30501 5.5 - Medium - May 27, 2021

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.

Improper Input Validation

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0

CVE-2021-30500 7.8 - High - May 27, 2021

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.

NULL Pointer Dereference

A heap buffer overflow read was discovered in upx 4.0.0

CVE-2020-24119 7.1 - High - May 14, 2021

A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.

Out-of-bounds Read

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96

CVE-2021-20285 6.6 - Medium - March 26, 2021

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.

Buffer Overflow

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95

CVE-2019-20051 5.5 - Medium - December 27, 2019

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.

Incorrect Calculation

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95

CVE-2019-20053 5.5 - Medium - December 27, 2019

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

Improper Input Validation

A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95

CVE-2019-20021 5.5 - Medium - December 27, 2019

A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

Out-of-bounds Read

An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95

CVE-2019-14295 5.5 - Medium - July 27, 2019

An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.

Integer Overflow or Wraparound

canUnpack in p_vmlinx.cpp in UPX 3.95

CVE-2019-14296 7.8 - High - July 27, 2019

canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.

Buffer Overflow

PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95

CVE-2018-11243 7.8 - High - May 18, 2018

PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.

Double-free

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Upxproject Upx or by Upxproject? Click the Watch button to subscribe.

Upxproject
Vendor

Upxproject Upx
Product

Upxproject Upx

By the Year

Recent Upxproject Upx Security Vulnerabilities

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0 CVE-2021-30501 5.5 - Medium - May 27, 2021

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0 CVE-2021-30500 7.8 - High - May 27, 2021

A heap buffer overflow read was discovered in upx 4.0.0 CVE-2020-24119 7.1 - High - May 14, 2021

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96 CVE-2021-20285 6.6 - Medium - March 26, 2021

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95 CVE-2019-20051 5.5 - Medium - December 27, 2019

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 CVE-2019-20053 5.5 - Medium - December 27, 2019

A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 CVE-2019-20021 5.5 - Medium - December 27, 2019

An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 CVE-2019-14295 5.5 - Medium - July 27, 2019

canUnpack in p_vmlinx.cpp in UPX 3.95 CVE-2019-14296 7.8 - High - July 27, 2019

PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 CVE-2018-11243 7.8 - High - May 18, 2018