CVE-2006-10002
CVE-2006-10002 affects the Perl XML::Parser module (XML::Parser/Expat). Connected documents confirm a heap corruption/crash vector caused by an overflow in a pre-allocated buffer during parsing, notably in parse_stream() and the UTF-8 handling path. The issue appears in XML::Parser versions up to...
CVE-2006-10003
XML::Parser (Perl) up to version 2.47 contains an off-by-one heap buffer overflow in st_serial_stack, enabling memory corruption and crashes on deeply nested XML. A patched version is available (varies by distro) — Debian fixes 2.46-2+deb11u1 and 2.47-2~deb13u1; Red Hat/Debian/Linux advisories als...