CVE-2025-40912: CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode
Robert Rothenberg 11 Jun 2025 17:50 UTC
========================================================================
CVE-2025-40912 CPAN Security Group
========================================================================
CVE ID: CVE-2025-40912
Distribution: CryptX
Versions: from 0.002 before 0.065
MetaCPAN: https://metacpan.org/dist/CryptX
VCS Repo: https://github.com/DCIT/perl-CryptX

CryptX for Perl before version 0.065 contains a dependency that may be
susceptible to malformed unicode

Description
-----------
CryptX for Perl before version 0.065 contains a dependency that may be
susceptible to malformed unicode.
CryptX embeds the tomcrypt library. The versions of that library in
CryptX before 0.065 may be susceptible to CVE-2019-17362.

Problem types
-------------
- CWE-1395 Dependency on Vulnerable Third-Party Component

Solutions
---------
Users should update to version 0.065 or later.

References
----------
https://github.com/libtom/libtomcrypt/issues/507
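
The affected range above, turned into a check; this is an added example, not part of the advisory or of CryptX. Because tomcrypt is embedded in CryptX, the version to test is CryptX's own rather than any system libtomcrypt package. The function names and sample versions are constructed for illustration, and plain decimal version strings are assumed.

```shell
#!/bin/sh
# Added example: test a CryptX version against the advisory's affected
# range ("from 0.002 before 0.065"). Function names are hypothetical.

# cryptx_affected VERSION -> 0 if affected, 1 if not, 2 if not a decimal version
cryptx_affected() {
    # Perl ignores "_" in developer-release versions (e.g. 0.064_001).
    v=$(printf '%s' "$1" | tr -d '_')
    case "$v" in
        ''|*[!0-9.]*|*.*.*|.*|*.) return 2 ;;   # accept only N or N.NNN
    esac
    awk -v v="$v" 'BEGIN { exit !(v + 0 >= 0.002 && v + 0 < 0.065) }'
}

# installed_cryptx_version [PERL] -> prints $CryptX::VERSION for that
# interpreter; fails if perl is missing or the module cannot be loaded.
installed_cryptx_version() {
    "${1:-perl}" -MCryptX -e 'print $CryptX::VERSION' 2>/dev/null
}

# check_cryptx [PERL] -> 1 if the installed CryptX is affected, else 0
check_cryptx() {
    if ! ver=$(installed_cryptx_version "$@"); then
        echo "CryptX not loadable by ${1:-perl}"
        return 0
    fi
    rc=0
    cryptx_affected "$ver" || rc=$?
    case "$rc" in
        0) echo "CryptX $ver is affected by CVE-2025-40912: update to 0.065 or later"
           return 1 ;;
        1) echo "CryptX $ver is outside the affected range" ;;
        *) echo "CryptX version '$ver' not understood; check manually" ;;
    esac
}

# Constructed sample versions, classified offline.
for s in 0.001 0.002 0.064 0.064_001 0.065 0.087; do
    if cryptx_affected "$s"; then echo "$s affected"; else echo "$s not affected"; fi
done

# Then the local interpreter, if any (pass another perl path as an argument).
check_cryptx || true
```

Run the check once per Perl installation, since each interpreter carries its own copy of CryptX and its embedded library.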