CVE-2025-15649

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.

dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header whose date field decodes to an out-of-range month, day, or hour causes timelocal() to die.

The exception propagates out of IO::Uncompress::Unzip->new($file) where callers expect undef plus $UnzipError.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-248

Related Identifiers

CVE-2025-15649

Affected Products

Io::Uncompress::Unzip

CVE-2025-15649

Weakness Enumeration

Related Identifiers

Affected Products

References · 4