PT-2026-26286 · Unknown+2 · Xml Parser+2

Published 2006-01-01 · Updated 2026-04-14 · CVE-2006-10003

CVSS v3.1

9.8 Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

XML::Parser versions through 2.47

Description

The software contains a heap buffer overflow in the `st_serial_stack` function. This occurs when parsing XML files with deeply nested elements. Specifically, when `stackptr` equals `stacksize - 1`, the stack is not expanded, and a new value is written outside the allocated buffer at the `stacksize` location.

Recommendations

Update to a version of XML::Parser later than 2.47.
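
The boundary condition in the description, shown as an added example (not XML::Parser's own code, and not part of the original advisory). The `serial_stack` type and the functions `grow`, `push` and `first_oob_depth` are hypothetical; `ptr` and `size` stand in for the advisory's `stackptr` and `stacksize`, and the out-of-bounds write is detected and skipped rather than performed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a per-depth parser stack (constructed for this demo). */
typedef struct {
    unsigned *buf;
    int ptr;   /* index of the top element, -1 when empty */
    int size;  /* number of allocated slots */
} serial_stack;

static int grow(serial_stack *s) {
    int nsize = s->size * 2;
    unsigned *nbuf = realloc(s->buf, (size_t)nsize * sizeof *nbuf);
    if (!nbuf) return -1;
    s->buf = nbuf;
    s->size = nsize;
    return 0;
}

/* Push using the off-by-one growth check (hardened == 0) or the corrected one.
   Returns 0 on success, 1 if the write would land at buf[size], -1 on OOM. */
int push(serial_stack *s, unsigned v, int hardened) {
    int need_grow = hardened ? (s->ptr + 1 >= s->size)  /* next index must fit */
                             : (s->ptr >= s->size);     /* misses ptr == size-1 */
    if (need_grow && grow(s) != 0) return -1;
    if (s->ptr + 1 >= s->size) return 1;  /* index == size: one slot past the end */
    s->buf[++s->ptr] = v;
    return 0;
}

/* Simulate `depth` nested elements. Returns the nesting depth at which the
   first out-of-bounds write would occur, 0 if none, -1 on allocation failure. */
int first_oob_depth(int initial_size, int depth, int hardened) {
    serial_stack s = { malloc((size_t)initial_size * sizeof(unsigned)), -1, initial_size };
    int hit = 0;
    if (!s.buf) return -1;
    for (int d = 1; d <= depth && hit == 0; d++) {
        int rc = push(&s, (unsigned)d, hardened);
        if (rc != 0) hit = (rc == 1) ? d : -1;
    }
    free(s.buf);
    return hit;
}

int main(void) {
    printf("off-by-one check: first OOB at depth %d\n", first_oob_depth(4, 64, 0));
    printf("corrected check:  first OOB at depth %d\n", first_oob_depth(4, 64, 1));
    return 0;
}
```

With the weak check, the first bad write comes one level past the initial allocation, so a document only has to nest slightly deeper than the starting stack size to reach it.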

Fix

Weakness Enumeration

Heap Based Buffer Overflow

Related Identifiers

ALSA-2026:7679
ALSA-2026:7680
ALSA-2026:7681
CVE-2006-10003
MGASA-2026-0063
OPENSUSE-SU-2026:10527-1
OPENSUSE-SU-2026:20459-1
RHSA-2026:7679
RHSA-2026:7680
RHSA-2026:7681
RHSA-2026:8577
RHSA-2026:8578
RHSA-2026:8608
RHSA-2026:8609
RHSA-2026:8610
RHSA-2026:9110
RHSA-2026:9246
RHSA-2026:9258
RHSA-2026:9259
RHSA-2026:9605
SUSE-SU-2026:1152-1
SUSE-SU-2026:1153-1
SUSE-SU-2026:20993-1
USN-8174-1

Affected Products

Linuxmint
Ubuntu
Xml Parser