Vulnerabilities > UPX > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-27 | CVE-2025-2849 | Heap-based Buffer Overflow vulnerability in UPX A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. | 5.5 |
| 2023-08-22 | CVE-2021-46179 | Reachable Assertion vulnerability in UPX Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function. | 6.5 |
| 2023-01-12 | CVE-2023-23456 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. | 5.5 |
| 2023-01-12 | CVE-2023-23457 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. | 5.5 |
| 2022-08-25 | CVE-2020-27797 | Release of Invalid Pointer or Reference vulnerability in UPX 4.0.0 An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 5.5 |
| 2022-08-25 | CVE-2020-27798 | Release of Invalid Pointer or Reference vulnerability in UPX 4.0.0 An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 5.5 |
| 2022-08-25 | CVE-2020-27802 | Divide By Zero vulnerability in UPX 4.0.0 An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 5.5 |
| 2022-08-18 | CVE-2020-27788 | Out-of-bounds Read vulnerability in UPX An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. | 5.5 |
| 2022-08-18 | CVE-2020-27787 | Unspecified vulnerability in UPX A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. | 5.5 |
| 2022-08-18 | CVE-2020-27790 | Divide By Zero vulnerability in UPX A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. | 5.5 |