50 matches found
Exploit for CVE-2026-48962
Summary An eval injection vulnerability in File::GlobMappe...
📄 IO-Compress 2.219 Eval Injection
An eval injection vulnerability in File::GlobMapper::getFiles allows any attacker who can control the output fileglob argument passed to IO::Compress::Gzip::gzip, IO::Compress::Zip::zip, or any sibling function to execute arbitrary Perl code in the context of the running process. Summary An eval...
TencentOS Server 4: perl-IO-Compress (TSSA-2026:0426)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0426 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
OPENSUSE-SU-2026:10969-1 perl-IO-Compress-2.220.0-2.1 on GA media
These are all security issues fixed in the perl-IO-Compress-2.220.0-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-48961
A flaw was found in the zipdetails command-line interface CLI tool, bundled with IO::Compress for Perl. When processing a specially crafted Info-ZIP Unix Extra Field with an 8-byte User ID UID or Group ID GID, the zipdetails tool attempts to call an undefined subroutine. This can lead to the tool...
perl-IO-Compress-2.220.0-1.1 on GA media (moderate)
perl-IO-Compress-2.220.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10939-1 Rating: moderate Cross-References: CVE-2026-48962 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
PT-2026-45971
These are all security issues fixed in the perl-IO-Compress-2.220.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10939-1 perl-IO-Compress-2.220.0-1.1 on GA media
These are all security issues fixed in the perl-IO-Compress-2.220.0-1.1 package on the GA media of openSUSE Tumbleweed...
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
...
CVE-2026-48962
A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...
SUSE CVE-2026-48962
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...
CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
CVE-2026-48962
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...
UBUNTU-CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
UBUNTU-CVE-2026-48962
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...
CVE-2026-48962
CVE-2026-48962 affects IO::Compress for Perl versions before 2.220. The issue arises in _parseOutputGlob() which wraps the caller-supplied output glob in quotes, with _getFiles() evaluating the expression via Perl’s eval STRING. An attacker-supplied output glob containing a literal double quote c...
CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
CVE-2026-48961
CVE-2026-48961 affects IO::Compress for Perl: versions 2.207 through 2.219 include a bug in the bundled zipdetails CLI tool where decoding an Info-ZIP Unix Extra Field (tag 0x7875) with UID/GID size 8 triggers a misnamed function call unpackValueQ, causing an undefined subroutine error and exit (...
CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...