Two 20-year-old vulnerabilities fixed in XML::Parser 2.48:
- CVE-2006-10002: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer, causing heap corruption (double free or corruption) and crashes. https://www.openwall.com/lists/oss-security/2026/03/19/1
- CVE-2006-10003: XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack. https://www.openwall.com/lists/oss-security/2026/03/19/2
The patch fixing these has been available since 2006, but it's nice to see the fix in an actual release, too.