Security Advisories (1)
CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

NAME

ptardiff - program that diffs an extracted archive against an unextracted one

DESCRIPTION

ptardiff is a small program that diffs an extracted archive
against an unextracted one, using the perl module Archive::Tar.

This effectively lets you view changes made to an archives contents.

Provide the progam with an ARCHIVE_FILE and it will look up all
the files with in the archive, scan the current working directory
for a file with the name and diff it against the contents of the
archive.

SYNOPSIS

ptardiff ARCHIVE_FILE
ptardiff -h

$ tar -xzf Acme-Buffy-1.3.tar.gz
$ vi Acme-Buffy-1.3/README
[...]
$ ptardiff Acme-Buffy-1.3.tar.gz > README.patch

OPTIONS

h   Prints this help message

SEE ALSO

tar(1), Archive::Tar.