| Package | libhtml-parser-perl |
|---|---|
| Version | 3.72-3+deb9u1 (stretch), 3.72-3+deb10u1 (buster) |
| Related CVEs | CVE-2026-8829 |
A heap use-after-free issue was discovered in libhtml-parser-perl
(HTML::Entities module).
The XS routine backing _decode_entities() reads freed heap memory in
some situations, which read may disclose adjacent heap contents.
For Debian 10 buster, these problems have been fixed in version 3.72-3+deb10u1.
For Debian 9 stretch, these problems have been fixed in version 3.72-3+deb9u1.
We recommend that you upgrade your libhtml-parser-perl packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.