USN-8174-1 Unknown

USN-8174-1: XML::Parser vulnerabilities

Canonical (Ubuntu) Released: April 14, 2026 Updated: April 16, 2026 Restart Required

Description

It was discovered that XML::Parser incorrectly handled certain multi-byte UTF-8 characters. If a user or automated system were tricked into processing specially crafted XML data, a remote attacker could use this issue to cause XML::Parser to crash, resulting in a denial of service or to possibly execute arbitrary code. (CVE-2006-10002) It was discovered that XML::Parser incorrectly handled very deep element nesting. If a user or automated system were tricked into processing specially crafted XML data, a remote attacker could use this issue to cause XML::Parser to crash, resulting in a denial of service or to possibly execute arbitrary code (CVE-2006-10003)

Fixed Vulnerabilities 2

CVE-2006-10002 N/A 0.0 ⚠️ KEV fixed

Mar 19, 2026

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO…

CVE-2006-10003 N/A 0.0 ⚠️ KEV fixed

Mar 19, 2026

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will…

Quick Info

Patch ID: USN-8174-1

Vendor: Canonical (Ubuntu)

Severity: Unknown

CVEs Fixed: 2

Restart: Required

Vendor

Canonical (Ubuntu)

Additional Info

action:

usn id: USN-8174-1

summary: Several security issues were fixed in XML::Parser.

usn number: 8174-1

instructions: In general, a standard system update will make all the necessary changes.

CVE Vulnerabilities

Posts & Pages