{"id":"MGASA-2024-0134","summary":"Updated upx packages fix security vulnerability","details":"A vulnerability was found in UPX up to 4.2.2. It has been rated as\ncritical. This issue affects the function get_ne64 of the file bele.h.\nThe manipulation leads to heap-based buffer overflow. The exploit has\nbeen disclosed to the public and may be used. The associated identifier\nof this vulnerability is VDB-259055. NOTE: The vendor was contacted\nearly about this disclosure but did not respond in any way.\n","modified":"2026-04-16T00:08:58.268421044Z","published":"2024-04-15T18:21:57Z","upstream":["CVE-2024-3209"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0134.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33069"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHWZN2NX5W3WYA6ACJ746PAZXXNZETKD/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-97xg-px2h-jvxp"}],"affected":[{"package":{"name":"upx","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/upx?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.3-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0134.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}