What the vulnerability does

01Description

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.

Key dates

02Disclosure timeline

March 24, 2023 CVE published
February 25, 2025 Record updated