Search Results (15970 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-14296 1 Upx 1 Upx 2025-04-11 N/A
canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.
CVE-2020-27801 1 Upx 1 Upx 2025-04-11 7.8 High
A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27796 1 Upx 1 Upx 2025-04-11 7.8 High
A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27799 1 Upx 1 Upx 2025-04-11 7.8 High
A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27797 1 Upx 1 Upx 2025-04-11 5.5 Medium
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27800 1 Upx 1 Upx 2025-04-11 7.8 High
A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
CVE-2020-27787 1 Upx 1 Upx 2025-04-11 5.5 Medium
A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVE-2020-27798 1 Upx 1 Upx 2025-04-11 5.5 Medium
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVE-2021-43311 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.
CVE-2021-43312 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
CVE-2021-20285 1 Upx 1 Upx 2025-04-11 6.6 Medium
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.
CVE-2021-43315 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349
CVE-2021-43316 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().
CVE-2021-43317 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404
CVE-2021-43313 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.
CVE-2021-43314 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368
CVE-2011-0258 2 Apple, Microsoft 4 Quicktime, Windows 7, Windows Vista and 1 more 2025-04-11 N/A
Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file.
CVE-2011-4040 1 Njstar 1 Njstar Communicator 2025-04-11 N/A
Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2010-1869 1 Artifex 1 Gpl Ghostscript 2025-04-11 N/A
Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.
CVE-2011-0333 1 Novell 1 Groupwise 2025-04-11 N/A
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."