CVE-2022-4976: Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities

CVE-2022-4976: Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities Stig Palmquist 12 Jun 2025 00:35 UTC

========================================================================
CVE-2022-4976                                        CPAN Security Group
========================================================================

        CVE ID:  CVE-2022-4976
  Distribution:  Archive-Unzip-Burst
      Versions:  from 0.01 through 0.09

      MetaCPAN:  https://metacpan.org/dist/Archive-Unzip-Burst
      VCS Repo:  https://github.com/mohawk2/Archive-Unzip-Burst

Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a
bundled InfoZip library that is affected by several vulnerabilities

Description
-----------
Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a
bundled InfoZip library that is affected by several vulnerabilities.

The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and
CVE-2014-8141.

Problem types
-------------
- CWE-1395 Dependency on Vulnerable Third-Party Component

References
----------
https://rt.cpan.org/Public/Bug/Display.html?id=143547