VDB
GCVE-110-MAGEIA-2020-96
GCVE-110-MAGEIA-2020-96
Advisory Published
The updated packages fix security vulnerabilities:
PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers
to cause a denial of service (double free), limit the ability of a malware
scanner to operate on the entire original data, or possibly have
unspecified other impact via a crafted file. (CVE-2018-11243)
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in
UPX 3.95 via a crafted Mach-O file. (CVE-2019-20021)
A floating-point exception was discovered in PackLinuxElf::elf_hash in
p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash,
which leads to denial of service. (CVE-2019-20051)
An invalid memory address dereference was discovered in the canUnpack
function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
(CVE-2019-20053)
A denial of service in PackLinuxElf32::PackLinuxElf32help1().
(CVE-2019-1010048)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | qtqr | 2.0-0.bzr39.1.mga7 (unaffected), 0 (affected) | — |
| Mageia | upx | 3.96-1.mga7 (unaffected), 0 (affected), 0 (affected), 3.96-1.mga7 (unaffected) | — |
| Mageia | ucl | 0 (affected), 1.03-16.1.mga7 (unaffected), 0 (affected), 1.03-16.1.mga7 (unaffected) | — |
| Mageia | zbar | 0 (affected), 0.23-1.mga7 (unaffected) | — |
References
Updated qtqr and zbar packages
advisory
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.