CVE-2026-7040

Summary

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters.

The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption.

Note that the minify_utf8 function is an alias for minify.

Affected Software

VendorProductVersion RangeStatus
RRWOText::Minify::XS0.3.0 < 0.7.8affected

Weaknesses

  • CWE-176: CWE-176 Improper Handling of Unicode Encoding
  • CWE-122: CWE-122 Heap-based Buffer Overflow

Workarounds

Validate that all strings passed to the minify and minify_utf8 functions.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References