VYPR

IO::Uncompress::Unzip

by Perl Foundation

Source repositories

CVEs (1)

  • CVE-2026-48959HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward() compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19…