Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.

• https://rt.cpan.org/Public/Bug/Display.html?id=143547

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

• https://rt.cpan.org/Ticket/Display.html?id=143547
• https://bugzilla.redhat.com/show_bug.cgi?id=1174856
• http://www.securitytracker.com/id/1031433
• http://www.ocert.org/advisories/ocert-2014-011.html
• https://access.redhat.com/errata/RHSA-2015:0700

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

• https://rt.cpan.org/Ticket/Display.html?id=143547
• https://bugzilla.redhat.com/show_bug.cgi?id=1174851
• http://www.securitytracker.com/id/1031433
• http://www.ocert.org/advisories/ocert-2014-011.html
• https://access.redhat.com/errata/RHSA-2015:0700

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

• https://rt.cpan.org/Ticket/Display.html?id=143547
• http://www.securitytracker.com/id/1031433
• http://www.ocert.org/advisories/ocert-2014-011.html
• https://access.redhat.com/errata/RHSA-2015:0700
• https://bugzilla.redhat.com/show_bug.cgi?id=1174844