CVE-2025-40914

NameCVE-2025-40914
DescriptionPerl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1107697

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libcryptx-perl (PTS)bullseye0.069-1vulnerable
bookworm0.077-1vulnerable
trixie0.085-1vulnerable
forky, sid0.087-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libcryptx-perlsource(unstable)0.087-11107697

Notes

[trixie] - libcryptx-perl <no-dsa> (Minor issue)
[bookworm] - libcryptx-perl <no-dsa> (Minor issue)
[bullseye] - libcryptx-perl <postponed> (Minor issue)
https://lists.security.metacpan.org/cve-announce/msg/30332012/
https://github.com/libtom/libtommath/pull/546
https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-6fh3-7qjq-8v22
CVE exists because CryptX embeds a version of the libtommath library that is
susceptible to an integer overflow associated with CVE-2023-36328.
Search for package or bug name: Reporting problems