OSV-2025-544

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/upx/OSV-2025-544.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-544
Published
2025-07-11T00:16:53.687776Z
Modified
2025-07-11T00:16:53.688703Z
Summary
Heap-buffer-overflow in N_BELE_RTP::LEPolicy::get32
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=430110068

Crash type: Heap-buffer-overflow READ 4
Crash state:
N_BELE_RTP::LEPolicy::get32
PackLinuxElf32::elf_lookup
PackLinuxElf32::PackLinuxElf32help1
References

Affected packages

OSS-Fuzz / upx

Package

Name
upx
Purl
pkg:generic/upx

Affected ranges

Type
GIT
Repo
https://github.com/upx/upx.git
Events
Introduced
24b4ec42e701814b5bf55685f6fbc81e25f1044c
Fixed
b52d3e077205022036ee1e1eeae41529c2cb57a2

Affected versions

v5.*
v5.0.2

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

introduced_range 
"52dde5789ebab43bc8b358aa8a7d7a56d2df79f2:b728b0e021bc499e9b32ef2011c2f9f0f5fdf1cc"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/upx/OSV-2025-544.yaml"