PT-2025-13195 · Upx+2

Madao123123 · Published 2025-03-27 · Updated 2025-06-16 · CVE-2025-2849

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

UPX versions up to 5.0.0

Description

A heap-based buffer overflow was found in the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The attack can be launched on the local host.

Recommendations

Apply the patch identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2 to fix this issue.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-06969
CVE-2025-2849
MGASA-2025-0122
OPENSUSE-SU-2025:14947-1

Affected Products

Debian
Red Os
Upx