YAML-LibYAML-0.29

Security Advisories (3)

CVE-2014-9130 (2014-12-08)

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

http://www.openwall.com/lists/oss-security/2014/11/29/3
http://www.openwall.com/lists/oss-security/2014/11/28/8
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
http://www.securityfocus.com/bid/71349
http://secunia.com/advisories/59947
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
http://secunia.com/advisories/60944
http://www.openwall.com/lists/oss-security/2014/11/28/1
http://linux.oracle.com/errata/ELSA-2015-0100.html
http://secunia.com/advisories/62723
http://secunia.com/advisories/62705
http://secunia.com/advisories/62774
http://www.ubuntu.com/usn/USN-2461-2
http://www.ubuntu.com/usn/USN-2461-3
http://www.ubuntu.com/usn/USN-2461-1
http://rhn.redhat.com/errata/RHSA-2015-0100.html
http://www.debian.org/security/2014/dsa-3103
http://rhn.redhat.com/errata/RHSA-2015-0112.html
http://www.debian.org/security/2014/dsa-3102
http://www.debian.org/security/2014/dsa-3115
http://rhn.redhat.com/errata/RHSA-2015-0260.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
http://advisories.mageia.org/MGASA-2014-0508.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
http://secunia.com/advisories/62176
http://secunia.com/advisories/62174
http://secunia.com/advisories/62164
https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
https://puppet.com/security/cve/cve-2014-9130

CPANSA-YAML-LibYAML-2016-01 (2016-03-10)

Need SafeLoad and SafeDump analog to python

https://github.com/ingydotnet/yaml-libyaml-pm/issues/45

CVE-2025-40908 (2025-06-01)

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

https://www.cve.org/CVERecord?id=CVE-2025-40908
https://github.com/ingydotnet/yaml-libyaml-pm/issues/120
https://github.com/ingydotnet/yaml-libyaml-pm/pull/121
https://github.com/ingydotnet/yaml-libyaml-pm/pull/122

No POD found for Metadata.pm. Time to read the source?

To install YAML::LibYAML, copy and paste the appropriate command in to your terminal.

cpanm

cpanm YAML::LibYAML

CPAN shell

perl -MCPAN -e shell
install YAML::LibYAML

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Module Install Instructions