{"id":"CVE-2020-27790","details":"A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.","modified":"2026-04-11T11:23:32.679665Z","published":"2022-08-18T19:15:14.270Z","references":[{"type":"FIX","url":"https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26"},{"type":"FIX","url":"https://github.com/upx/upx/issues/331"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/upx/upx","events":[{"introduced":"0"},{"fixed":"d7ba31cab8ce8d95d2c10e88d2ec787ac52005ef"},{"fixed":"eb90eab6325d009004ffb155e3e33f22d4d3ca26"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.96"}]}}],"versions":["v1.10","v1.11","v1.90","v1.91","v1.92","v1.93","v1.94","v1.95","v1.96","v2.00","v2.01","v2.90","v2.91","v2.92","v2.93","v3.00","v3.01","v3.02","v3.03","v3.04","v3.06","v3.07","v3.09","v3.91","v3.92","v3.93","v3.95"],"database_specific":{"vanir_signatures_modified":"2026-04-11T11:23:32Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27790.json","vanir_signatures":[{"deprecated":false,"digest":{"length":4710,"function_hash":"39145774349881406499490838442227643832"},"target":{"file":"src/p_lx_elf.cpp","function":"PackLinuxElf64::invert_pt_dynamic"},"id":"CVE-2020-27790-3da0794d","source":"https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["145317539181996960361772925008465779633","94015680874872155869221410711918543027","257512030421514357358869368144131751659","298170221817619621746268218005615421586","283676182918635026582081218396605593518","55785102059274965658935216953625066706","328888672173557559298943631052536989415","31690962482186716370246826971741377946","245997566423411587258879575204015010789","268893060449688657934830261936630756159","130621782137866202238534780205650051100","283676182918635026582081218396605593518","17716483559486129341011559618088020649","309750729337696117110651538933617513361"]},"target":{"file":"src/p_lx_elf.cpp"},"id":"CVE-2020-27790-921010b1","source":"https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26","signature_version":"v1","signature_type":"Line"},{"deprecated":false,"digest":{"length":4495,"function_hash":"274167896519579016535090281065602039843"},"target":{"file":"src/p_lx_elf.cpp","function":"PackLinuxElf32::invert_pt_dynamic"},"id":"CVE-2020-27790-98f2934b","source":"https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26","signature_version":"v1","signature_type":"Function"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}