PT-2026-35416 · Cpan · Text::Minify::Xs

Cpansec

Published

2026-04-27

Updated

2026-05-07

CVE-2026-7040

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Text::Minify::XS versions 0.3.0 through 0.7.7

Description A heap overflow occurs when processing certain malformed UTF-8 characters. The minify() function and its alias minify utf8() mishandle these characters, which leads to heap corruption.

Recommendations Update to version 0.7.8 or later.

Fix

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-176CWE-122

Related Identifiers

CVE-2026-7040

Affected Products

Text::Minify::Xs

PT-2026-35416 · Cpan · Text::Minify::Xs

CVE-2026-7040

Weakness Enumeration

Related Identifiers

Affected Products

References · 9