0.001 Low
EPSS
Percentile
34.8%
upx is vulnerable to denial of service. The vulnerability exists due to the heap-based buffer over-read in the get_le64 function of bele.h, allowing an attacker to crash the application through the maliciously crafted Mach-O file.
get_le64
bele.h
Mach-O
github.com/upx/upx/issues/394
secdb.alpinelinux.org/edge/community.yaml