CVE-2017-16869: Buffer Overflow
First published: Fri Nov 17 2017(Updated: )
** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| UPX | =3.94 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this UPX vulnerability?
CVE-2017-16869.
What is the severity rating of CVE-2017-16869?
The severity rating of CVE-2017-16869 is 7.8 (high).
How does CVE-2017-16869 affect UPX 3.94?
CVE-2017-16869 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Mach-O file when using UPX 3.94.
How can I fix CVE-2017-16869 in UPX 3.94?
To fix CVE-2017-16869 in UPX 3.94, it is recommended to update to a version that addresses the vulnerability.
Where can I find more information about CVE-2017-16869?
You can find more information about CVE-2017-16869 at the following link: [https://github.com/upx/upx/issues/146](https://github.com/upx/upx/issues/146).
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/status
- agent/softwarecombine
- agent/description
- agent/event
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/upx project
- canonical/upx
- version/upx/3.94
- status/disputed