CVE-2026-57074

Publication date 17 July 2026

Last updated 17 July 2026


Ubuntu priority

Description

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read.

Status

Package Ubuntu Release Status
libxml-bare-perl 26.04 LTS resolute
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation


Access our resources on patching vulnerabilities