PT-2026-26285 · Unknown+2 · Xml Parser+2

Published: 2006-01-01 · Updated: 2026-04-14 · CVE-2006-10002

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

XML::Parser versions through 2.47

Description

The software may overflow a pre-allocated buffer. This can lead to heap corruption, potentially resulting in a double free or other forms of corruption, and ultimately causing crashes. The issue affects the parse_stream() function within Expat.xs when a PerlIO :utf8 layer is in use. The problem arises because Perl's read() function returns a count of decoded characters, while SvPV() returns multi-byte UTF-8 bytes, whose total length can exceed the buffer's capacity.

Recommendations

Update to a version of XML::Parser greater than 2.47.
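
The character-count versus byte-length mismatch named in the description, as an added C example (not code from XML::Parser or Expat.xs). The buffer size, the sample input and all function names are assumptions made for illustration; the sample is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 8  /* assumed buffer size, in bytes */

/* Constructed sample: eight U+20AC characters, three UTF-8 bytes each. */
static const unsigned char SAMPLE[] =
    "\xE2\x82\xAC" "\xE2\x82\xAC" "\xE2\x82\xAC" "\xE2\x82\xAC"
    "\xE2\x82\xAC" "\xE2\x82\xAC" "\xE2\x82\xAC" "\xE2\x82\xAC";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/* Characters in a UTF-8 byte string: each non-continuation byte starts one. */
static size_t utf8_char_count(const unsigned char *s, size_t nbytes) {
    size_t chars = 0;
    for (size_t i = 0; i < nbytes; i++)
        if ((s[i] & 0xC0) != 0x80)
            chars++;
    return chars;
}

/* Flawed check: treats the character count as if it were the copy length. */
static int fits_by_chars(const unsigned char *s, size_t nbytes, size_t cap) {
    return utf8_char_count(s, nbytes) <= cap;
}

/* Bounded copy: sized by the byte length, refuses anything over capacity. */
static int bounded_copy(unsigned char *dst, size_t cap,
                        const unsigned char *src, size_t nbytes) {
    if (nbytes > cap)
        return -1;
    memcpy(dst, src, nbytes);
    return 0;
}

int main(void) {
    unsigned char buf[BUF_CAP];
    printf("chars=%zu bytes=%zu cap=%d\n",
           utf8_char_count(SAMPLE, SAMPLE_LEN), SAMPLE_LEN, BUF_CAP);
    printf("character-count check passes: %d\n",
           fits_by_chars(SAMPLE, SAMPLE_LEN, BUF_CAP));
    printf("bounded copy result: %d\n",
           bounded_copy(buf, BUF_CAP, SAMPLE, SAMPLE_LEN));
    return 0;
}
```

A request for 8 characters is satisfied by 24 bytes here, so any length check has to be made on the byte length of the data actually being copied.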

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:7679
ALSA-2026:7680
ALSA-2026:7681
CVE-2006-10002
MGASA-2026-0063
OPENSUSE-SU-2026:10527-1
OPENSUSE-SU-2026:20459-1
RHSA-2026:7679
RHSA-2026:7680
RHSA-2026:7681
RHSA-2026:8577
RHSA-2026:8578
RHSA-2026:8608
RHSA-2026:8609
RHSA-2026:8610
RHSA-2026:9110
RHSA-2026:9246
RHSA-2026:9258
RHSA-2026:9259
RHSA-2026:9605
SUSE-SU-2026:1152-1
SUSE-SU-2026:1153-1
SUSE-SU-2026:20993-1
USN-8174-1

Affected Products

Linuxmint
Ubuntu
Xml Parser