QwikSec

Security Database

CVE

CWE

Training

CVE-2006-10002

Published: Mar 19, 2026

Modified: Apr 29, 2026

PUBLISHED

Description

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.

Vendor	Product	Versions
TODDR	XML::Parser	affected `0 - <= 2.45`

Weaknesses (CWE)

References

https://rt.cpan.org/Ticket/Display.html?id=19859

issue-tracking

https://github.com/cpan-authors/XML-Parser/issues/64

issue-tracking

https://metacpan.org/release/TODDR/XML-Parser-2.46/changes

release-notes

https://github.com/cpan-authors/XML-Parser/commit/56b0509dfc6b559cd7555ea81ee62e3622069255.patch

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.