cvedb.io
CVE-2006-10003
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-03-19T12:16:17.047 · Last modified 2026-06-30T03:16:38.650

Summary

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

Affected products

toddr — xml\

Does this affect you?

Add your gear to cvedb and we'll alert you only when toddr ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.