30 matches found
CVE-2025-15649
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
CVE-2025-15649
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
CVE-2025-15649
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
CVE-2025-15649
CVE-2025-15649 affects IO::Uncompress::Unzip in Perl, with the vulnerability present in versions before 2.215. The issue arises when parsing a ZIP header with a malformed DOS date, where _dosToUnixTime() decodes the local-file-header date and calls Time::Local::timelocal() without an eval guard, ...
EUVD-2025-209949
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
PT-2026-43482
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
Linux Distros Unpatched Vulnerability : CVE-2025-15649
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the...
Zombie ZIP method can fool antivirus during the first scan
A researcher published “Zombie ZIP,” a simple way to change the first part header of a ZIP file so it falsely claims its contents are uncompressed while they are actually compressed. Many antivirus products trust that header and never properly decompress or inspect the real payload. In tests...
EUVD-2008-6148
Malware in sbrugna...
Insufficient Verification of Data Authenticity
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to improper handling of modified ZIP file flag bits. Attackers can exploit this by altering...
Insufficient Verification of Data Authenticity
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity when PickleScan attempts to extract and scan PyTorch model archives, an attacker can manipulate...
PYSEC-2025-20
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...
USN-7107-1 zlib vulnerability
It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code...
zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698180806 zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698180296 zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698180079 zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698179874 zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698179730 zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...