rpm package
opensuse/perl-HTML-Parser&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/perl-HTML-Parser&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-8829 | Hig | 7.5 | < 3.850.0-1.1 | 3.850.0-1.1 | Jun 4, 2026 | HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a va | |
| CVE-2009-3627 | — | < 3.72-1.7 | 3.72-1.7 | Oct 29, 2009 | The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character. |
- affected < 3.850.0-1.1fixed 3.850.0-1.1
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a va
- CVE-2009-3627Oct 29, 2009affected < 3.72-1.7fixed 3.72-1.7
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.