Lucene search

MitreCVELIST:CVE-2019-14296

HistoryJul 27, 2019 - 6:40 p.m.

CVE-2019-14296

2019-07-2718:40:41

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.0%

JSON

canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.

References

lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html

lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html

github.com/upx/upx/issues/287

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCJ43HTM45GZCAQ2FLEBDNBM76V22RG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T52JATXV6NTPTMGXCRGT37H6KXERYNZN/