What the vulnerability does

01Description

A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.

Key dates

02Disclosure timeline

March 24, 2023 CVE published
February 25, 2025 Record updated