Security Advisories (3)
CVE-2026-13221 (2026-07-13)

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie's match decision table is truncated with no warning or error. A pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong.

CVE-2026-57432 (2026-07-13)

Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller.

CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

NAME

Pod::Html::Util - helper functions for Pod-Html

SUBROUTINES

Note: While these functions are importable on request from Pod::Html::Util, they are specifically intended for use within (a) the Pod-Html distribution (modules and test programs) shipped as part of the Perl 5 core and (b) other parts of the core such as the installhtml program. These functions may be modified or relocated within the core distribution -- or removed entirely therefrom -- as the core's needs evolve. Hence, you should not rely on these functions in situations other than those just described.

process_command_line()

Process command-line switches (options). Returns a reference to a hash. Will provide usage message if --help switch is present or if parameters are invalid.

Calling this subroutine may modify @ARGV.

usage()

Display customary Pod::Html usage information on STDERR.

unixify()

Ensure that Pod::Html's internals and tests handle paths consistently across Unix, Windows and VMS.

relativize_url()

Convert an absolute URL to one relative to a base URL. Assumes both end in a filename.

html_escape()

Make text safe for HTML.

htmlify()

htmlify($heading);

Converts a pod section specification to a suitable section specification for HTML. Note that we keep spaces and special characters except ", ? (Netscape problem) and the hyphen (writer's problem...).

anchorify()

anchorify(@heading);

Similar to htmlify(), but turns non-alphanumerics into underscores. Note that anchorify() is not exported by default.

trim_leading_whitespace()

Remove any level of indentation (spaces or tabs) from each code block consistently. Adapted from: https://metacpan.org/source/HAARG/MetaCPAN-Pod-XHTML-0.002001/lib/Pod/Simple/Role/StripVerbatimIndent.pm