CVE-2006-10003

CVE-2006-10003: XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack

Vendor: Toddr
Product: XML::Parser
Weakness: CWE-193
Published: March 19, 2026
Last update: June 30, 2026

What the vulnerability does

01 Description

XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack. When stackptr == stacksize - 1, the stack is NOT expanded. The new value is then written at index (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting.
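The boundary condition described above, modelled as an added example (this is not XML::Parser's source code). The struct layout, the growth step of 4, the initial stackptr of 0 and all function names are assumptions; the push refuses the one-past-the-end write instead of performing it, so the program reports the nesting depth at which the flawed check would overflow.

```c
#include <stdio.h>
#include <stdlib.h>

enum { GROW_STEP = 4 };  /* assumed growth step, kept small for the demo */

/* Field names follow the advisory; the struct layout is an assumption. */
typedef struct {
    unsigned int *stack;
    size_t stackptr;   /* index of the current top element */
    size_t stacksize;  /* number of allocated slots */
} serial_stack;
typedef int (*grow_check)(const serial_stack *);

/* Flawed test: when stackptr == stacksize - 1 no growth happens. */
static int needs_grow_flawed(const serial_stack *s) { return s->stackptr >= s->stacksize; }
/* Corrected test: grow when the slot ++stackptr selects is not allocated. */
static int needs_grow_fixed(const serial_stack *s) { return s->stackptr + 1 >= s->stacksize; }

/* Push one value: 0 = stored, -1 = allocation failure,
   1 = index would be out of bounds (the write is refused, not performed). */
static int push(serial_stack *s, unsigned int v, grow_check needs_grow) {
    if (needs_grow(s)) {
        size_t newsize = s->stacksize + GROW_STEP;
        unsigned int *p = realloc(s->stack, newsize * sizeof *p);
        if (!p) return -1;
        s->stack = p; s->stacksize = newsize;
    }
    if (s->stackptr + 1 >= s->stacksize) return 1;
    s->stack[++s->stackptr] = v;
    return 0;
}

/* Simulate `depth` nested start tags. Returns the nesting depth of the
   first out-of-bounds write, or 0 if every write stayed in bounds. */
static size_t first_oob_depth(grow_check needs_grow, size_t depth) {
    serial_stack s = { calloc(GROW_STEP, sizeof(unsigned int)), 0, GROW_STEP };
    size_t hit = 0;
    for (size_t d = 1; s.stack && d <= depth && !hit; d++)
        if (push(&s, (unsigned int)d, needs_grow) == 1) hit = d;
    free(s.stack);
    return hit;
}
size_t flawed_oob_depth(size_t depth) { return first_oob_depth(needs_grow_flawed, depth); }
size_t fixed_oob_depth(size_t depth)  { return first_oob_depth(needs_grow_fixed, depth); }

int main(void) {
    printf("flawed: first out-of-bounds write at depth %zu; fixed: %zu (0 = none)\n",
           flawed_oob_depth(1000), fixed_oob_depth(1000));
    return 0;
}
```

With the flawed test the first refused write occurs exactly when stackptr reaches stacksize - 1, which in this model is at nesting depth equal to the initial allocation size.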

Key dates

02 Disclosure timeline

March 19, 2026: CVE published
June 30, 2026: Record updated