canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html