Home / mailingsPDF  

[USN-8174-1] XML::Parser vulnerabilities

Posted on 14 April 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8174-1
April 14, 2026

libxml-parser-perl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in XML::Parser.

Software Description:
- libxml-parser-perl: Perl module for parsing XML files

Details:

It was discovered that XML::Parser incorrectly handled certain multi-byte
UTF-8 characters. If a user or automated system were tricked into
processing specially crafted XML data, a remote attacker could use this
issue to cause XML::Parser to crash, resulting in a denial of service or to
possibly execute arbitrary code. (CVE-2006-10002)

It was discovered that XML::Parser incorrectly handled very deep element
nesting. If a user or automated system were tricked into processing
specially crafted XML data, a remote attacker could use this issue to cause
XML::Parser to crash, resulting in a denial of service or to possibly
execute arbitrary code (CVE-2006-10002)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libxml-parser-perl 2.47-1ubuntu0.25.10.1

Ubuntu 24.04 LTS
libxml-parser-perl 2.47-1ubuntu0.24.04.1

Ubuntu 22.04 LTS
libxml-parser-perl 2.46-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8174-1
CVE-2006-10002, CVE-2006-10003

Package Information:
https://launchpad.net/ubuntu/+source/libxml-parser-perl/2.47-1ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/libxml-parser-perl/2.47-1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libxml-parser-perl/2.46-3ubuntu0.1

--===============4442885265781039632==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :