Debian Upx-Ucl vulnerabilities
35 known vulnerabilities affecting debian/upx-ucl.
Total CVEs: 35
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2, LOW 33
Vulnerabilities
Page 2 of 2
CVE-2021-20285 | P4 | LOW | CVSS 6.6 | fixed in upx-ucl 4.2.2-1 (forky) | 2021
CVE-2021-20285 [MEDIUM] CVE-2021-20285: upx-ucl - A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows at...
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.
Scope: local
bullseye: open
forky: resolved (fixed in 4.2.2-1)
sid: r
debian
CVE-2019-14295 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 3.95-2 (bullseye) | 2019
CVE-2019-14295 [MEDIUM] CVE-2019-14295: upx-ucl - An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 a...
An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.
Scope: local
bullseye: resolved (fixed in 3.95-2)
forky: resolved (fixed in 3.95-2)
sid:
debian
CVE-2023-23456 | P4 | MEDIUM | CVSS 5.3 | fixed in upx-ucl 3.96-2+deb11u1 (bullseye) | 2023
CVE-2023-23456 [MEDIUM] CVE-2023-23456: upx-ucl - A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p...
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flaw allows an attacker to cause a denial of service (abort) via a crafted file.
Scope: local
bullseye: resolved (fixed in 3.96-2+deb11u1)
forky: resolved (fixed in 4.2.2-1)
sid: resolved (fixed in 4.2.2-1)
trixie: resolved (fixed in 4.2.2-1)
debian
CVE-2023-23457 | P4 | LOW | CVSS 5.3 | fixed in upx-ucl 4.2.2-1 (forky) | 2023
CVE-2023-23457 [MEDIUM] CVE-2023-23457: upx-ucl - A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in ...
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
Scope: local
bullseye: open
forky: resolved (fixed in 4.2.2-1)
sid: resolved (fixed in 4.2.2-1)
trixie: resolved (fixed in 4.2.2-1)
debian
CVE-2019-20053 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2019
CVE-2019-20053 [MEDIUM] CVE-2019-20053: upx-ucl - An invalid memory address dereference was discovered in the canUnpack function i...
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Scope: local
bullseye: resolved (fixed in 3.96-1)
forky: resolved (fixed in 3.96-1)
sid: resolved (fixed in 3.96-1)
trixie: resolved (fixed in 3.96-1)
debian
CVE-2020-27787 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2020
CVE-2020-27787 [MEDIUM] CVE-2020-27787: upx-ucl - A Segmentation fault was found in UPX in invert_pt_dynamic() function in p_lx_e...
A Segmentation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
Scope: local
bullseye: resolved (fixed in 3.96-1)
forky: resolved (fixed in 3.96-1)
sid: resolved (fixed in 3.96-1)
trixie: resolved (fixed in 3.96-1)
debian
CVE-2020-27790 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2020
CVE-2020-27790 [MEDIUM] CVE-2020-27790: upx-ucl - A floating point exception issue was discovered in UPX in PackLinuxElf64::invert...
A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
Scope: local
bullseye: resolved (fixed in 3.96-1)
forky: resolved (fixed in 3.96-1
debian
CVE-2019-20805 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2019
CVE-2019-20805 [MEDIUM] CVE-2019-20805: upx-ucl - p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via cra...
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
Scope: local
bullseye: resolved (fixed in 3.96-1)
forky: resolved (fixed in 3.96-1)
sid: resolved (fixed in 3.96-1)
trixie: resolved (fixed in 3.96-1)
debian
CVE-2020-27788 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2020
CVE-2020-27788 [MEDIUM] CVE-2020-27788: upx-ucl - An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf...
An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.
Scope: local
bullseye: resolved (fixed in 3.96-1)
forky: resolved (fixed in 3.96-1)
sid: resolved (fixed in 3.96-1)
trixi
debian
CVE-2020-27802 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 4.2.2-1 (forky) | 2020
CVE-2020-27802 [MEDIUM] CVE-2020-27802: upx-ucl - A floating point exception was discovered in the elf_lookup function in p_lx_el...
A floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Scope: local
bullseye: open
forky: resolved (fixed in 4.2.2-1)
sid: resolved (fixed in 4.2.2-1)
trixie: resolved (fixed in 4.2.2-1)
debian
CVE-2020-27798 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 4.2.2-1 (forky) | 2020
CVE-2020-27798 [MEDIUM] CVE-2020-27798: upx-ucl - An invalid memory address reference was discovered in the adjABS function in p_l...
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Scope: local
bullseye: open
forky: resolved (fixed in 4.2.2-1)
sid: resolved (fixed in 4.2.2-1)
trixie: resolved (fixed in 4.2.2-1)
debian
CVE-2020-27797 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 4.2.2-1 (forky) | 2020
CVE-2020-27797 [MEDIUM] CVE-2020-27797: upx-ucl - An invalid memory address reference was discovered in the elf_lookup function in...
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Scope: local
bullseye: open
forky: resolved (fixed in 4.2.2-1)
sid: resolved (fixed in 4.2.2-1)
trixie: resolved (fixed in 4.2.2-1)
debian
CVE-2019-20021 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2019
CVE-2019-20021 [MEDIUM] CVE-2019-20021: upx-ucl - A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3...
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Scope: local
bullseye: resolved (fixed in 3.96-1)
forky: resolved (fixed in 3.96-1)
sid: resolved (fixed in 3.96-1)
trixie: resolved (fixed in 3.96-1)
debian
CVE-2021-30501 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 4.2.2-1 (forky) | 2021
CVE-2021-30501 [MEDIUM] CVE-2021-30501: upx-ucl - An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UP...
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flaw allows attackers to cause a denial of service (abort) via a crafted file.
Scope: local
bullseye: open
forky: resolved (fixed in 4.2.2-1)
sid: resolved (fixed in 4.2.2-1)
trixie: resolved (fixed in 4.2.2-1)
debian
CVE-2019-20051 | P4 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2019
CVE-2019-20051 [MEDIUM] CVE-2019-20051: upx-ucl - A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf....
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.
Scope: local
bullseye: resolved (fixed in 3.96-1)
forky: resolved (fixed in 3.96-1)
sid: resolved (fixed in 3.96-1)
trixie: resolved (fixed in 3.96-1)
debian