CVE-2025-2849 | UPX up to 5.0.0 src/p_lx_elf.cpp un_DT_INIT heap-based overflow (Issue 898)

SecurityVulns

A vulnerability classified as problematic was found in UPX up to 5.0.0. The affected function is PackLinuxElf64::un_DT_INIT in the file src/p_lx_elf.cpp. The manipulation leads to a heap-based buffer overflow.

This vulnerability is tracked as CVE-2025-2849. The attack can be launched on the local host. An exploit is available.

It is recommended to apply a patch to fix this issue.

VulDB Recent Entries