Perl Compress::Raw::Zlib uses outdated, insecure zlib library

Summary

Compress::Raw::Zlib, a Perl library, includes an outdated zlib library that may have security weaknesses. This affects users who rely on Compress::Raw::Zlib for data compression. To stay secure, update to Compress::Raw::Zlib version 2.220 or later.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
canonical	perl	All versions	–
canonical	perl	All versions	–
canonical	libcompress-raw-zlib-perl	All versions	–
canonical	perl	All versions	–
canonical	libcompress-raw-zlib-perl	All versions	–
canonical	perl	All versions	–
canonical	libcompress-raw-zlib-perl	All versions	–

Original title

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zl...

Original description

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.

osv CVSS3.1 9.8

https://ubuntu.com/security/CVE-2026-3381 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-3381 Third Party Advisory
https://lists.security.metacpan.org/cve-announce/msg/37638919/ Third Party Advisory
https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ Third Party Advisory
https://github.com/madler/zlib Third Party Advisory
https://github.com/madler/zlib/releases/tag/v1.3.2 Third Party Advisory
https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-27171 Third Party Advisory
https://www.zlib.net/ Third Party Advisory