John Reiser

8 exploits Active since Jun 2020
CVE-2019-20805 WRITEUP MEDIUM WRITEUP
Upx < 3.96 - Integer Overflow
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
CVSS 5.5
CVE-2020-27787 WRITEUP MEDIUM WRITEUP
Upx < 3.96 - Memory Corruption
A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVSS 5.5
CVE-2020-27788 WRITEUP MEDIUM WRITEUP
Upx < 3.96 - Out-of-Bounds Read
An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.
CVSS 5.5
CVE-2020-27790 WRITEUP MEDIUM WRITEUP
Upx < 3.96 - Divide By Zero
A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
CVSS 5.5
CVE-2021-30500 WRITEUP HIGH WRITEUP
UPX 4.0.0 - RCE/DoS
Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.
CVSS 7.8
CVE-2023-23456 WRITEUP MEDIUM WRITEUP
Upx < 2022-11-24 - Out-of-Bounds Write
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
CVSS 5.3
CVE-2023-23457 WRITEUP MEDIUM WRITEUP
Upx < 2022-11-23 - Memory Corruption
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVSS 5.3
CVE-2025-2849 WRITEUP LOW WRITEUP
Upx < 5.0.0 - Out-of-Bounds Write
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.
CVSS 3.3