CVE-2025-2849

UPX p_lx_elf.cpp un_DT_INIT heap-based overflow

Description

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.

INFO

Published Date :

2025-03-27T13:31:06.442Z

Last Modified :

2025-03-27T14:11:39.541Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2025-2849 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-2849.

URL	Resource
https://github.com/upx/upx/commit/e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2
https://github.com/upx/upx/issues/898
https://github.com/upx/upx/issues/898#issuecomment-2734082143
https://github.com/user-attachments/files/19307868/input.zip
https://vuldb.com/?ctiid.301494
https://vuldb.com/?id.301494
https://vuldb.com/?submit.522371

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact