CVE-2026-3381
Published: March 5th, 2026
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.
Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.
CRITICAL
CVSS v3: 9.8
CVSS v3: 9.8
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 26.1.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 26.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 25.4 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 25.3 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 25.2 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 25.1.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 25.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 24.4 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 24.4.0 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 24.3 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 24.2.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 24.2 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 24.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 23.3 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 23.2.1 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 23.2 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 23.1 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 22.4 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 22.3 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 22.2 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 22.1 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 21.11.1 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 21.11 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 21.8.1 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 21.8 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 21.5.1 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 21.5.0 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 21.2.0 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.20 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.19.3667 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.18.3599 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.17 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.16.3445 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.15.3368 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.14.3263 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.13.3179 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.12.3054 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.11.3040 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.11.2990 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.10.2934 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.9.2878 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
| 11.4.8.2822 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-3381 is specific to Compress::Raw::Zlib, a Perl module that bundles its own copy of zlib. Document Filters does not use Perl or the Compress::Raw::Zlib module. The underlying zlib vulnerability (CVE-2026-27171) is already triaged separately as not_affected/code_not_reachable because Document Filters never calls the affected crc32_combine functions. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version
3.1