Heap Memory Vulnerability in HTML::Entities for Perl by libwww-perl
CVE-2026-8829
7.5HIGH
What is CVE-2026-8829?
A vulnerability in HTML::Entities versions prior to 3.84 for Perl can lead to the reading of freed heap memory. This occurs due to improper handling of pointers within the XS routine backing HTML::Entities::_decode_entities. When an input scalar value is identical to a value scalar in the entity2char hash and that value references its own key, it can cause the backing allocation to be freed during a buffer reallocation. Subsequent operations may inadvertently read from this freed memory, potentially exposing adjacent heap contents. This situation creates a risk of sensitive data leakage and requires prompt remediation.
Affected Version(s)
HTML::Entities 0 < 3.84
