An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of plxelf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.
{
"cpe": "cpe:2.3:a:upx:upx:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.96"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"source": "https://github.com/upx/upx/commit/1bb93d4fce9f1d764ba57bf5ac154af515b3fc83",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "151185809428527722139195468283067464036",
"length": 10638.0
},
"deprecated": false,
"id": "CVE-2020-27788-0b76053e",
"target": {
"function": "PackLinuxElf32::canPack",
"file": "src/p_lx_elf.cpp"
}
},
{
"source": "https://github.com/upx/upx/commit/1bb93d4fce9f1d764ba57bf5ac154af515b3fc83",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "167713624437359543478701988430981518868",
"length": 9181.0
},
"deprecated": false,
"id": "CVE-2020-27788-28e2fc61",
"target": {
"function": "PackLinuxElf64::canPack",
"file": "src/p_lx_elf.cpp"
}
},
{
"source": "https://github.com/upx/upx/commit/1bb93d4fce9f1d764ba57bf5ac154af515b3fc83",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"82204206008690361854362666745483772762",
"146337883991646778533533671510182923041",
"113781826776723822040192522040459030607",
"119719493737525636567212474936345438799",
"212306472503360752631373549545311537706",
"215296202042475403213892820095272079781",
"195177008081007374364685174425345771296",
"225733359486523670131980833535423497494",
"21655068984884843147063041982638797859",
"48473761488894269526620175745591509550",
"303907887036440362275675322814852535086",
"119719493737525636567212474936345438799",
"212306472503360752631373549545311537706",
"215296202042475403213892820095272079781",
"195177008081007374364685174425345771296",
"225733359486523670131980833535423497494"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-27788-cc616e44",
"target": {
"file": "src/p_lx_elf.cpp"
}
}
]
"2026-07-08T20:42:06Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27788.json"