CVE-2009-1391

EXPLOITED IN THE WILD

Compress::Raw::Zlib Perl Module < 2.017 - Denial of Service via Crafted Zlib Compressed Stream

Title source: llm

Exploitation Summary

CVE-2009-1391 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including Leo Bergolth.

AI-analyzed exploit summary: The provided text describes a remote code execution vulnerability in the 'Compress::Raw::Zlib' Perl module prior to version 2.017. It references a security advisory but does not include actual exploit code or technical details.

Description

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Leo Bergolth · text · remote · linux
https://www.exploit-db.com/exploits/33032


Classification
Writeup 90%
Attack Type: RCE
Complexity: Theoretical
Reliability: Theoretical
Target: Compress::Raw::Zlib < 2.017
No auth needed
Prerequisites: Application using the vulnerable module
devstral-2 · analyzed Feb 16, 2026

References (18)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51062
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/794-1/
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:157
Issue Tracking x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=273141
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35307
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200908-07.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35685
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35689
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1571
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55041
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35422
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35876
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html

Scores

EPSS 0.1837
EPSS Percentile 95.4%

Details

VulnCheck KEV 2009-06-16
InTheWild.io 2018-10-03
CWE CWE-189
Status published
Products (13)
paul_marquess/compress-raw-zlib_perl_module 2.001
paul_marquess/compress-raw-zlib_perl_module 2.002
paul_marquess/compress-raw-zlib_perl_module 2.003
paul_marquess/compress-raw-zlib_perl_module 2.004
paul_marquess/compress-raw-zlib_perl_module 2.005
paul_marquess/compress-raw-zlib_perl_module 2.006
paul_marquess/compress-raw-zlib_perl_module 2.008
paul_marquess/compress-raw-zlib_perl_module 2.009
paul_marquess/compress-raw-zlib_perl_module 2.010
paul_marquess/compress-raw-zlib_perl_module 2.011
... and 3 more
Published Jun 16, 2009
Tracked Since Feb 18, 2026