p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack(). Upstream issue: https://github.com/upx/upx/issues/128 Upstream patch: https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317
Created upx tracking bugs for this issue: Affects: fedora-all [bug 1500428]