cvedb.io
CVE-2026-8829
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-06-04T03:16:20.260 · Last modified 2026-06-28T12:17:03.683

Summary

HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation. The read may disclose adjacent heap contents into the destination SV.

Affected products

oalders — html\

Does this affect you?

Add your gear to cvedb and we'll alert you only when oalders ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.