 
                        We found results for “”
CVE-2025-2849
Date: March 27, 2025
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.
Severity Score
Related Resources (10)
Severity Score
Weakness Type (CWE)
CVSS v3.1
| Base Score: |  | 
|---|---|
| Attack Vector (AV): | LOCAL | 
| Attack Complexity (AC): | LOW | 
| Privileges Required (PR): | LOW | 
| User Interaction (UI): | NONE | 
| Scope (S): | UNCHANGED | 
| Confidentiality (C): | NONE | 
| Integrity (I): | NONE | 
| Availability (A): | LOW | 
CVSS v2
| Base Score: |  | 
|---|---|
| Access Vector (AV): | LOCAL | 
| Access Complexity (AC): | LOW | 
| Authentication (AU): | SINGLE | 
| Confidentiality (C): | NONE | 
| Integrity (I): | NONE | 
| Availability (A): | PARTIAL | 
| Additional information: | 
 Vulnerabilities
                        Vulnerabilities
                 Projects
                        Projects
                 Vulnerability Disclosure
                        Vulnerability Disclosure
                 About Us
                    About Us
                 Contact Us
                    Contact Us
                

