CVE-2025-15649

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.

_dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header whose date field decodes to an out-of-range month, day, or hour causes timelocal() to die.

The exception propagates out of IO::Uncompress::Unzip->new($file) where callers expect undef plus $UnzipError.

248

Uncaught Exception

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality

Potential Impacts:

Dos: Crash, Exit, Or Restart Read Application Data

Applicable Platforms

Languages: C++, Java, C#

View CWE Details

https://github.com/pmqs/IO-Compress/commit/fd28c1d2374eee98…

https://github.com/pmqs/IO-Compress/commit/fd28c1d2374eee9811f6d0c5bddc0957abdf…

https://github.com/pmqs/IO-Compress/issues/65

https://metacpan.org/release/PMQS/IO-Compress-2.215/changes

CVE-2025-15649

Description

Uncaught Exception

Common Consequences

Applicable Platforms

Iscriviti alla newsletter