Vulnerabilities > UPX > UPX > 3.04

DATE CVE VULNERABILITY TITLE RISK
2025-03-27 CVE-2025-2849 Heap-based Buffer Overflow vulnerability in UPX
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0.
local
low complexity
upx CWE-122
5.5
5.5
2023-08-22 CVE-2021-46179 Reachable Assertion vulnerability in UPX
Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.
network
low complexity
upx CWE-617
6.5
6.5
2023-03-24 CVE-2021-43311 Out-of-bounds Write vulnerability in UPX
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32().
network
low complexity
upx CWE-787
7.5
7.5
2023-03-24 CVE-2021-43312 Out-of-bounds Write vulnerability in UPX
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address.
network
low complexity
upx CWE-787
7.5
7.5
2023-03-24 CVE-2021-43313 Out-of-bounds Write vulnerability in UPX
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address.
network
low complexity
upx CWE-787
7.5
7.5
2023-03-24 CVE-2021-43314 Out-of-bounds Write vulnerability in UPX
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32().
network
low complexity
upx CWE-787
7.5
7.5
2023-03-24 CVE-2021-43315 Out-of-bounds Write vulnerability in UPX
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32().
network
low complexity
upx CWE-787
7.5
7.5
2023-03-24 CVE-2021-43316 Out-of-bounds Write vulnerability in UPX
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().
network
low complexity
upx CWE-787
7.5
7.5
2023-03-24 CVE-2021-43317 Out-of-bounds Write vulnerability in UPX
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32().
network
low complexity
upx CWE-787
7.5
7.5
2023-01-12 CVE-2023-23456 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file.
local
low complexity
upx fedoraproject CWE-787
5.5
5.5