upx 漏洞與 CVE 列表(35)

產品(CPE): — CVE 數: 35

upx 漏洞概覽

彙總 upx 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

已披露問題常與 緩衝區溢位、記憶體損壞與輸入驗證問題 相關,可能在 軟體部署與生產負載 場景中帶來 應用程式崩潰與記憶體損壞 等暴露風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12035 CVE 數
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2025-2849 A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue. [email protected] 4.8 0.26% 2025-03-27 2026-06-17
CVE-2024-3209 A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 5.5 1.22% 2024-04-02 2026-06-17
CVE-2021-46179 Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function. [email protected] 6.5 0.45% 2023-08-22 2026-06-17
CVE-2021-43317 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404 [email protected] 7.5 0.82% 2023-03-24 2026-06-17
CVE-2021-43316 A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64(). [email protected] 7.5 0.82% 2023-03-24 2026-06-17
CVE-2021-43315 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349 [email protected] 7.5 0.82% 2023-03-24 2026-06-17
CVE-2021-43314 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368 [email protected] 7.5 0.82% 2023-03-24 2026-06-17
CVE-2021-43313 A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688. [email protected] 7.5 0.82% 2023-03-24 2026-06-17
CVE-2021-43312 A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239. [email protected] 7.5 0.82% 2023-03-24 2026-06-17
CVE-2021-43311 A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382. [email protected] 7.5 0.82% 2023-03-24 2026-06-17
CVE-2023-23457 A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. [email protected] 5.3 0.35% 2023-01-12 2026-06-17
CVE-2023-23456 A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. [email protected] 5.3 0.39% 2023-01-12 2026-06-17
CVE-2020-27802 An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. [email protected] 5.5 0.27% 2022-08-25 2026-06-16
CVE-2020-27801 A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. [email protected] 7.8 0.36% 2022-08-25 2026-06-16
CVE-2020-27800 A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. [email protected] 7.8 0.31% 2022-08-25 2026-06-16
CVE-2020-27799 A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file. [email protected] 7.8 0.31% 2022-08-25 2026-06-16
CVE-2020-27798 An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. [email protected] 5.5 0.27% 2022-08-25 2026-06-16
CVE-2020-27797 An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. [email protected] 5.5 0.27% 2022-08-25 2026-06-16
CVE-2020-27796 A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. [email protected] 7.8 0.31% 2022-08-25 2026-06-16
CVE-2020-27788 An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. [email protected] 5.5 0.32% 2022-08-18 2026-06-16
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
cvelogic Threat Intelligence