Source: upx-ucl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for upx-ucl.

CVE-2025-2849[0]:
| A vulnerability, which was classified as problematic, was found in
| UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT
| of the file src/p_lx_elf.cpp. The manipulation leads to heap-based
| buffer overflow. It is possible to launch the attack on the local
| host. The exploit has been disclosed to the public and may be used.
| The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2.
| It is recommended to apply a patch to fix this issue.

https://github.com/upx/upx/issues/898
https://github.com/upx/upx/commit/e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2


If you fix the vulnerability, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-2849
    https://www.cve.org/CVERecord?id=CVE-2025-2849

Please adjust the affected versions in the BTS as needed.
