IO::Compress Tool Vulnerability in Perl Affected by Zipdetails CLI
CVE-2026-48961

Currently unrated

Key Information:

Vendor

PMQs

Status
Io::compress
Vendor
CVE Published:
27 May 2026

What is CVE-2026-48961?

A flaw exists in the zipdetails command line interface tool bundled with IO::Compress versions prior to 2.220 for Perl. The tool crashes when it encounters an Info-ZIP Unix Extra Field with an 8-byte User ID (UID) or Group ID (GID) due to a call to a misnamed subroutine, leading to an 'Undefined subroutine' error. This issue primarily affects users utilizing the zipdetails tool, while library callers using IO::Compress and IO::Uncompress remain unaffected.

Affected Version(s)

IO::Compress 2.207 < 2.220

References

https://github.com/pmqs/IO-Compress/commit/33c89d03d6e746...
patch
https://metacpan.org/release/PMQS/IO-Compress-2.220/changes
release-notes

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.