Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.
Compress::Raw::Zlib includes its own bundled copy of the zlib library instead of using the system version. Versions up to 2.219 contain a version of zlib that has vulnerabilities identified during the security audit conducted by 7ASecurity. Version 2.220 of the module updated the bundled library to zlib 1.3.2, which includes fixes for the identified issues, including CVE-2026-27171. The vulnerability is related to improper validation of input data (CWE-1284), which can lead to unexpected behavior when processing compressed data.
An attacker can remotely, without authentication, compromise the confidentiality, integrity, and availability of a system using the vulnerable Perl module.
Update the Compress::Raw::Zlib module to version 2.220 or newer (e.g., 2.221), which includes zlib 1.3.2 with security fixes identified during the 7ASecurity audit. The update is available in the CPAN repository.
Compress::Raw::Zlib for Perl in versions up to and including 2.219
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPmqs Compress\
APPPmqs\