Release of Invalid Pointer or Reference
CVE-2020-27798
Summary
An invalid memory address reference was discovered in the "adjABS" function in "p_lx_elf.cpp" in UPX before v3.99 via a crafted Mach-O file.
- LOW
- LOCAL
- NONE
- UNCHANGED
- REQUIRED
- NONE
- NONE
- HIGH
CWE-763 - Release of Invalid Pointer or Reference
The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
Advisory Timeline
- Published