CVE-2019-14295

Name of the Vulnerable Software and Affected Versions UPX version 3.95

Description The issue is caused by an integer overflow in the getElfSections function, allowing remote attackers to trigger a denial of service by causing the program to crash. This is achieved by providing a skewed offset larger than the size of the PE section in a UPX packed executable, resulting in an allocation of excessive memory.

Recommendations For UPX version 3.95, consider updating to a newer version that addresses this issue, as the current version can lead to a denial of service due to excessive memory allocation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.