CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-10002

XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.7%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch
https://github.com/cpan-authors/XML-Parser/issues/64
https://rt.cpan.org/Ticket/Display.html?id=19859
http://www.openwall.com/lists/oss-security/2026/03/19/1

Products affected by CVE-2006-10002

Toddr » Xml: » Version: Any

cpe:2.3:a:toddr:xml:

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-10002

Products

Pricing

Contact Us