/ 
perl-5.42.0
⭐ Starred 2013 / Encode::CN
Security Advisories (2)
CVE-2026-4176 (2026-03-29)

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.

CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

NAME

Encode::CN - China-based Chinese Encodings

SYNOPSIS

use Encode qw/encode decode/; 
$euc_cn = encode("euc-cn", $utf8);   # loads Encode::CN implicitly
$utf8   = decode("euc-cn", $euc_cn); # ditto

DESCRIPTION

This module implements China-based Chinese charset encodings. Encodings supported are as follows.

Canonical   Alias		Description
--------------------------------------------------------------------
euc-cn      /\beuc.*cn$/i	EUC (Extended Unix Character)
        /\bcn.*euc$/i
            /\bGB[-_ ]?2312(?:\D.*$|$)/i (see below)
gb2312-raw			The raw (low-bit) GB2312 character map
gb12345-raw			Traditional chinese counterpart to 
              GB2312 (raw)
iso-ir-165			GB2312 + GB6345 + GB8565 + additions
MacChineseSimp                GB2312 + Apple Additions
cp936				Code Page 936, also known as GBK 
              (Extended GuoBiao)
hz				7-bit escaped GB2312 encoding
--------------------------------------------------------------------

To find how to use this module in detail, see Encode.

NOTES

Due to size concerns, GB 18030 (an extension to GBK) is distributed separately on CPAN, under the name Encode::HanExtra. That module also contains extra Taiwan-based encodings.

BUGS

When you see charset=gb2312 on mails and web pages, they really mean euc-cn encodings. To fix that, gb2312 is aliased to euc-cn. Use gb2312-raw when you really mean it.

The ASCII region (0x00-0x7f) is preserved for all encodings, even though this conflicts with mappings by the Unicode Consortium.

SEE ALSO

Encode