perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input
Details
CVSS v3
7.5
NVD published
2026-03-19 12:16:16
EPSS
<0.1% probability · 8.8th percentile — 2026-04-20
Affected versions
cpe:2.3:a:toddr:xml\:\:parser:*:*:*:*:*:perl:*:*
Summary
XML::Parser versions through 2.45 for Perl can overflow a pre-allocated input buffer, causing heap corruption (the glibc "double free or corruption" abort) and crashes.
With a :utf8 PerlIO layer in effect, parse_stream() in Expat.xs can overflow the XML input buffer: Perl's read() counts the decoded characters it returns, while SvPV() hands back the UTF-8 encoding of those characters, whose byte length can exceed the pre-allocated buffer size. The excess bytes are written past the end of the buffer, which leads to heap corruption (double free or corruption) and crashes.
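The mismatch described above, as an added C illustration that is not XML::Parser's or Expat.xs's own code: a buffer is sized in bytes, the read is asked for the same number of units, and on a :utf8 handle those units are characters, so the byte string that comes back can be several times larger than the buffer. The names BUFSIZE, read_chars, fill_unchecked and fill_checked, and the two sample documents, are hypothetical and constructed for this example; fill_unchecked copies into an over-allocated region so that the demonstration stays defined behaviour while still reporting how many bytes would have spilled past a buffer of exactly BUFSIZE bytes.

```c
/* Added illustration, not XML::Parser's code: why a buffer sized for N
 * bytes overflows when the fill length is counted in decoded characters.
 * In the flaw described above, parse_stream() obtains an N-byte buffer and
 * asks Perl's read() for N units; on a :utf8 handle those units are
 * characters, and SvPV() then returns their UTF-8 encoding, which can be
 * several times longer than N bytes. The helpers below model that. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFSIZE 16          /* hypothetical read buffer size, in bytes */

typedef struct {
    const char *bytes;      /* UTF-8 bytes, as SvPV() would return them */
    size_t nbytes;          /* byte length (SvPV's len out-parameter) */
    size_t nchars;          /* character count (what read() reported) */
} chunk_t;

/* Length in bytes of the UTF-8 sequence introduced by lead byte c. */
static size_t utf8_seqlen(unsigned char c) {
    if (c < 0x80) return 1;
    if ((c & 0xE0) == 0xC0) return 2;
    if ((c & 0xF0) == 0xE0) return 3;
    return 4;
}

/* Model of read($fh, $buf, $want) on a :utf8 handle: it stops after
 * `want` characters, not after `want` bytes. */
static chunk_t read_chars(const char *src, size_t want) {
    chunk_t ck = { src, 0, 0 };
    size_t len = strlen(src);
    while (ck.nbytes < len && ck.nchars < want) {
        ck.nbytes += utf8_seqlen((unsigned char)src[ck.nbytes]);
        ck.nchars++;
    }
    if (ck.nbytes > len) ck.nbytes = len;   /* clamp a truncated trailing sequence */
    return ck;
}

/* Vulnerable pattern: copy SvPV's bytes into a bufsize-byte buffer because
 * read() said it returned at most bufsize units. Returns how many bytes land
 * past the end of the buffer. `region` is over-allocated by the caller so
 * this demo stays defined behaviour; with a target of exactly bufsize bytes
 * the excess overwrites adjacent heap memory. */
static size_t fill_unchecked(char *region, size_t bufsize, chunk_t ck) {
    memcpy(region, ck.bytes, ck.nbytes);
    return ck.nbytes > bufsize ? ck.nbytes - bufsize : 0;
}

/* Hardened pattern: bound the copy by the byte length, never by the
 * character count. Returns 0 on success, -1 if the chunk does not fit,
 * in which case the caller must obtain a larger buffer or read fewer units. */
static int fill_checked(char *buf, size_t bufsize, chunk_t ck) {
    if (ck.nbytes > bufsize) return -1;
    memcpy(buf, ck.bytes, ck.nbytes);
    return 0;
}

/* Constructed inputs: an ASCII document, and 32 copies of U+00E9, which is
 * one character but two UTF-8 bytes (0xC3 0xA9). */
static const char ascii_doc[] = "<a>abcdefghijklmnopqrstuvwxyz</a>";
static const char latin_doc[] =
    "\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9"
    "\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9"
    "\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9"
    "\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9";

/* Bytes that spill past a BUFSIZE-byte buffer when `src` is read BUFSIZE
 * characters at a time with the unchecked fill. */
size_t overflow_bytes(const char *src) {
    chunk_t ck = read_chars(src, BUFSIZE);
    char *region = calloc(BUFSIZE + 4 * BUFSIZE, 1);  /* slack so the demo is safe */
    size_t spilled = fill_unchecked(region, BUFSIZE, ck);
    free(region);
    return spilled;
}

int main(void) {
    char buf[BUFSIZE];
    printf("ascii: %zu bytes spill past the buffer\n", overflow_bytes(ascii_doc));
    printf("latin: %zu bytes spill past the buffer\n", overflow_bytes(latin_doc));
    printf("checked fill of latin chunk: %d\n",
           fill_checked(buf, BUFSIZE, read_chars(latin_doc, BUFSIZE)));
    return 0;
}
```

With ASCII input the character count and byte count agree and nothing spills; with the two-byte characters a request for 16 units yields 32 bytes, 16 of which land beyond a 16-byte buffer, and the checked fill refuses the chunk instead. The same reasoning applies to any code that passes a Perl-side length into a C buffer: use SvPV's byte length for the copy, and never assume it equals the count read() returned.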