Security Advisories (1)

CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch

NAME

Pod::Html::Util - helper functions for Pod-Html

SUBROUTINES

Note: While these functions are importable on request from Pod::Html::Util, they are specifically intended for use within (a) the Pod-Html distribution (modules and test programs) shipped as part of the Perl 5 core and (b) other parts of the core such as the installhtml program. These functions may be modified or relocated within the core distribution -- or removed entirely therefrom -- as the core's needs evolve. Hence, you should not rely on these functions in situations other than those just described.

`process_command_line()`

Process command-line switches (options). Returns a reference to a hash. Will provide usage message if --help switch is present or if parameters are invalid.

Calling this subroutine may modify @ARGV.

`usage()`

Display customary Pod::Html usage information on STDERR.

`unixify()`

Ensure that Pod::Html's internals and tests handle paths consistently across Unix, Windows and VMS.

`relativize_url()`

Convert an absolute URL to one relative to a base URL. Assumes both end in a filename.

`html_escape()`

Make text safe for HTML.

`htmlify()`

htmlify($heading);

Converts a pod section specification to a suitable section specification for HTML. Note that we keep spaces and special characters except ", ? (Netscape problem) and the hyphen (writer's problem...).

`anchorify()`

anchorify(@heading);

Similar to htmlify(), but turns non-alphanumerics into underscores. Note that anchorify() is not exported by default.

`trim_leading_whitespace()`

Remove any level of indentation (spaces or tabs) from each code block consistently. Adapted from: https://metacpan.org/source/HAARG/MetaCPAN-Pod-XHTML-0.002001/lib/Pod/Simple/Role/StripVerbatimIndent.pm

To install less, copy and paste the appropriate command in to your terminal.

cpanm

cpanm less

CPAN shell

perl -MCPAN -e shell
install less

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SUBROUTINES

process_command_line()

usage()

unixify()

relativize_url()

html_escape()

htmlify()

anchorify()

trim_leading_whitespace()

Module Install Instructions

Keyboard Shortcuts