ELA-1532-1 libjson-xs-perl security update

integer buffer overflow

2025-10-01
Packagelibjson-xs-perl
Version3.030-1+deb9u1 (stretch), 3.040-1+deb10u1 (buster)
Related CVEs CVE-2025-40928


A vulnerability has been fixed in libjson-xs-perl, a Perl module which does C/XS-accelerated manipulation of JSON-formatted data.

CVE-2025-40928

Integer buffer overflow causing a segfault when parsing crafted JSON,
enabling denial-of-service attacks or other unspecified impact.


For Debian 10 buster, these problems have been fixed in version 3.040-1+deb10u1.

For Debian 9 stretch, these problems have been fixed in version 3.030-1+deb9u1.

We recommend that you upgrade your libjson-xs-perl packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.