CVE-2017-16869

Name of the Vulnerable Software and Affected Versions UPX version 3.94

Description The issue allows remote attackers to cause a denial of service, resulting in invalid memory access and application crash, or possibly have other unspecified impacts via a crafted Mach-O file. This is related to the canPack and unpack functions. The vendor has stated that there is no security implication.

Recommendations For UPX version 3.94, consider avoiding the use of crafted Mach-O files to minimize the risk of exploitation. As a temporary workaround, consider restricting the use of the canPack and unpack functions until further guidance is available. At the moment, there is no information about a newer version that contains a fix for this issue.