An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. Upstream issue: https://github.com/upx/upx/issues/486 Upstream patch: https://github.com/upx/upx/pull/487 https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46
Created upx tracking bugs for this issue: Affects: epel-all [bug 1948697] Affects: fedora-all [bug 1948698]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.