/ 
Archive-Unzip-Burst-0.03
Security Advisories (4)
CVE-2022-4976 (2025-06-12)

Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.

CVE-2014-8141 (2020-01-31)

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

CVE-2014-8140 (2020-01-31)

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

CVE-2014-8139 (2020-01-31)

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

Changes for version 0.03 - 2015-01-15

  • Update unzip version to 6.0
  • Rewrote build system to eliminate misuse of "static" target in res
  • Squashed directory structure to eliminate "res" directory
  • Make work seamlessly on Win32
  • Add metadata so CPAN knows where git repo etc are

Changes for version 0.02_2 - 2008-05-16

  • Mark Dootson supplied a potential fix to make this module work on Windows.

Changes for version 0.02_1 - 2007-09-05

  • Experimental change to Makefile.PL: Add an explicit mention of LD_LIBRARY_PATH and the local unzip src directory. Perhaps that might fix the failures related to lacking a -lunzip.

Modules

Archive::Unzip::Burst
Featureless but fast ZIP extraction

Other files