John Reiser

8 exploits Active since Jun 2020
CVE-2019-20805 WRITEUP MEDIUM WRITEUP
UPX < 3.96 - Integer Overflow via PT_DYNAMIC Segment
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
CVSS 5.5
CVE-2020-27787 WRITEUP MEDIUM WRITEUP
UPX < 3.96 - Denial of Service via Crafted Input File in invert_pt_dynamic()
A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVSS 5.5
CVE-2020-27788 WRITEUP MEDIUM WRITEUP
UPX < 3.96 - Denial of Service via Out-of-Bounds Read in PackLinuxElf64::canPack()
An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.
CVSS 5.5
CVE-2020-27790 WRITEUP MEDIUM WRITEUP
UPX < 3.96 - Denial of Service via Crafted Input File
A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
CVSS 5.5
CVE-2021-30500 WRITEUP HIGH WRITEUP
UPX 4.0.0 - Null Pointer Dereference in PackLinuxElf::canUnpack()
Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.
CVSS 7.8
CVE-2023-23456 WRITEUP MEDIUM WRITEUP
UPX < 2022-11-24 - Heap-Based Buffer Overflow in PackTmt::pack()
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
CVSS 5.3
CVE-2023-23457 WRITEUP MEDIUM WRITEUP
UPX < 2022-11-23 - Denial of Service via Crafted Input File
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVSS 5.3
CVE-2025-2849 WRITEUP LOW WRITEUP
UPX < 5.0.0 - Heap-Based Buffer Overflow in PackLinuxElf64::un_DT_INIT
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.
CVSS 3.3