What the vulnerability does

01Description

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.

Key dates

02Disclosure timeline

May 26, 2021 CVE published
August 3, 2024 Record updated