216.73.216.128

CVE-2025-15649

· Published 27/05/2026 04:16 · Modified 27/05/2026 19:38

Labels: CVE-2025-15649 2026-05-279b29abf9-4ab0-4765-b253-1875cd9b441eCVE-2025-15649CWE-248

Essential information

Published
27/05/2026 04:16
Modified
27/05/2026 19:38
Author
Creator
CISA KEV
No
CWE

Description

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. _dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header whose date field decodes to an out-of-range month, day, or hour causes timelocal() to die. The exception propagates out of IO::Uncompress::Unzip->new($file) where callers expect undef plus $UnzipError.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
9b29abf9-4ab0-4765-b253-1875cd9b441e
NVD
View on NVD

Affected products (CPE)

ProductCPE
perl / io cpe:2.3:a:perl:io::uncompress::unzip:<2.215:*:*:*:*:*:*

References