ELA-1675-1 libxml-parser-perl security update

denial of service

2026-04-04
Package: libxml-parser-perl
Version: 2.44-2+deb9u1 (stretch), 2.44-4+deb10u1 (buster)
Related CVEs: CVE-2006-10002 CVE-2006-10003


CVE-2006-10002

Buffer overwrite in parse_stream(), which may lead to denial of service when the filehandle has a :utf8 layer.

CVE-2006-10003

Off-by-one heap buffer overflow in st_serial_stack(), which can be observed when parsing an XML file with very deep element nesting.



For Debian 10 buster, these problems have been fixed in version 2.44-4+deb10u1.

For Debian 9 stretch, these problems have been fixed in version 2.44-2+deb9u1.

We recommend that you upgrade your libxml-parser-perl packages.
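
The following is an added example, not part of the advisory: a Python check that flags hosts in a package inventory whose libxml-parser-perl version sorts below the fixed version for their release, for use where `dpkg --compare-versions` is not available (for example on an audit workstation). The inventory entries and host names are constructed; the version comparison follows the Debian ordering rules (epoch, upstream version, revision, with `~` sorting first).

```python
import re

# Fixed versions per release, taken from the advisory text.
FIXED = {"stretch": "2.44-2+deb9u1", "buster": "2.44-4+deb10u1"}

# Constructed sample inventory (host, release, installed version); not real data.
SAMPLE = [("web1", "buster", "2.44-4"),
          ("web2", "buster", "2.44-4+deb10u1"),
          ("old1", "stretch", "2.44-2+b1")]

def _order(c):
    """Sort weight of one character in a non-digit run (dpkg ordering)."""
    if c == "~":
        return -1          # '~' sorts before everything, even end of string
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256  # letters before other symbols

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; <0, 0 or >0."""
    while a or b:
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            diff = _order(a[:1]) - _order(b[:1])
            if diff:
                return diff
            a, b = a[1:], b[1:]
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        diff = int(na or 0) - int(nb or 0)   # digit runs compare numerically
        if diff:
            return diff
        a, b = a[len(na):], b[len(nb):]
    return 0

def compare(v1, v2):
    """Debian version comparison: epoch, then upstream, then revision."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        if not sep:
            upstream, rev = rest, ""
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_upgrade(inventory):
    """Hosts whose installed version sorts below the fixed one for their release."""
    return [h for h, rel, ver in inventory if compare(ver, FIXED[rel]) < 0]

if __name__ == "__main__":
    print(needs_upgrade(SAMPLE))
```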

Further information about Extended LTS security advisories can be found in the dedicated section of our website.