{"id":"CVE-2020-27787","details":"A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.","modified":"2026-04-11T09:46:23.874233Z","published":"2022-08-18T19:15:14.210Z","references":[{"type":"FIX","url":"https://github.com/upx/upx/commit/e2f60adc95334f47e286838dac33160819c5d74d"},{"type":"FIX","url":"https://github.com/upx/upx/issues/333"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/upx/upx","events":[{"introduced":"0"},{"fixed":"d7ba31cab8ce8d95d2c10e88d2ec787ac52005ef"},{"fixed":"e2f60adc95334f47e286838dac33160819c5d74d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.96"}]}}],"versions":["v1.10","v1.11","v1.90","v1.91","v1.92","v1.93","v1.94","v1.95","v1.96","v2.00","v2.01","v2.90","v2.91","v2.92","v2.93","v3.00","v3.01","v3.02","v3.03","v3.04","v3.06","v3.07","v3.09","v3.91","v3.92","v3.93","v3.95"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"144188400907574595322118236151414717433","length":4697},"deprecated":false,"signature_version":"v1","source":"https://github.com/upx/upx/commit/e2f60adc95334f47e286838dac33160819c5d74d","id":"CVE-2020-27787-4f82974f","target":{"function":"PackLinuxElf32::invert_pt_dynamic","file":"src/p_lx_elf.cpp"},"signature_type":"Function"},{"digest":{"function_hash":"340111673276646739986786030959432866294","length":4912},"deprecated":false,"signature_version":"v1","source":"https://github.com/upx/upx/commit/e2f60adc95334f47e286838dac33160819c5d74d","id":"CVE-2020-27787-af096cd6","target":{"function":"PackLinuxElf64::invert_pt_dynamic","file":"src/p_lx_elf.cpp"},"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["257870881940862614609256973709132984056","272158922209213423681413894420799670836","176268528693580875637945846304155638766","4221361576905600357362673166681574292","154229085320354130783943885107519624097","11798162522091701296182368638276175336","282848170757409618206783482560684873570","31926769796970019876012897729278008859","244734299183139268848497553753801842845","258066308543225000455264772561468355391","257870881940862614609256973709132984056","272158922209213423681413894420799670836","176268528693580875637945846304155638766","4221361576905600357362673166681574292","154229085320354130783943885107519624097","266942197280038991510482381445817127018","207549958718149381218130491740951084509","95523670887827168245398882281645789644","85300983397851604295314245906508970075","299798673324378474265789794499724747146"]},"deprecated":false,"signature_version":"v1","source":"https://github.com/upx/upx/commit/e2f60adc95334f47e286838dac33160819c5d74d","id":"CVE-2020-27787-bedbb14e","target":{"file":"src/p_lx_elf.cpp"},"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27787.json","vanir_signatures_modified":"2026-04-11T09:46:23Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}