/ 
perl-5.9.3
River stage five • 12505 direct dependents • 35156 total dependents
/ lib/Locale/Script.pod
Security Advisories (24)
CVE-2011-2728 (2012-12-21)

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-6913 (2018-04-17)

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2015-8853 (2016-05-25)

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

CVE-2013-1667 (2013-03-14)

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

CVE-2010-4777 (2014-02-10)

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

CVE-2010-1158 (2010-04-20)

Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.

CVE-2009-3626 (2009-10-29)

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

CVE-2005-3962 (2005-12-01)

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVE-2012-5195 (2012-12-18)

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

CVE-2016-2381 (2016-04-08)

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2013-7422 (2015-08-16)

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CVE-2011-1487 (2011-04-11)

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'    Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-2016-1238 (2016-08-02)

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVE-2015-8608 (2017-02-07)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

NAME

Locale::Script - ISO codes for script identification (ISO 15924)

SYNOPSIS

use Locale::Script;
use Locale::Constants;

$script  = code2script('ph');                       # 'Phoenician'
$code    = script2code('Tibetan');                  # 'bo'
$code3   = script2code('Tibetan',
                       LOCALE_CODE_ALPHA_3);        # 'bod'
$codeN   = script2code('Tibetan',
                       LOCALE_CODE_ALPHA_NUMERIC);  # 330

@codes   = all_script_codes();
@scripts = all_script_names();

DESCRIPTION

The Locale::Script module provides access to the ISO codes for identifying scripts, as defined in ISO 15924. For example, Egyptian hieroglyphs are denoted by the two-letter code 'eg', the three-letter code 'egy', and the numeric code 050.

You can either access the codes via the conversion routines (described below), or with the two functions which return lists of all script codes or all script names.

There are three different code sets you can use for identifying scripts:

alpha-2

Two letter codes, such as 'bo' for Tibetan. This code set is identified with the symbol LOCALE_CODE_ALPHA_2.

alpha-3

Three letter codes, such as 'ell' for Greek. This code set is identified with the symbol LOCALE_CODE_ALPHA_3.

numeric

Numeric codes, such as 410 for Hiragana. This code set is identified with the symbol LOCALE_CODE_NUMERIC.

All of the routines take an optional additional argument which specifies the code set to use. If not specified, it defaults to the two-letter codes. This is partly for backwards compatibility (previous versions of Locale modules only supported the alpha-2 codes), and partly because they are the most widely used codes.

The alpha-2 and alpha-3 codes are not case-dependent, so you can use 'BO', 'Bo', 'bO' or 'bo' for Tibetan. When a code is returned by one of the functions in this module, it will always be lower-case.

SPECIAL CODES

The standard defines various special codes.

  • The standard reserves codes in the ranges qa - qt, qaa - qat, and 900 - 919, for private use.

  • zx, zxx, and 997, are the codes for unwritten languages.

  • zy, zyy, and 998, are the codes for an undetermined script.

  • zz, zzz, and 999, are the codes for an uncoded script.

The private codes are not recognised by Locale::Script, but the others are.

CONVERSION ROUTINES

There are three conversion routines: code2script(), script2code(), and script_code2code().

code2script( CODE, [ CODESET ] )

This function takes a script code and returns a string which contains the name of the script identified. If the code is not a valid script code, as defined by ISO 15924, then undef will be returned:

$script = code2script('cy');   # Cyrillic
script2code( STRING, [ CODESET ] )

This function takes a script name and returns the corresponding script code, if such exists. If the argument could not be identified as a script name, then undef will be returned:

$code = script2code('Gothic', LOCALE_CODE_ALPHA_3);
# $code will now be 'gth'

The case of the script name is not important. See the section "KNOWN BUGS AND LIMITATIONS" below.

script_code2code( CODE, CODESET, CODESET )

This function takes a script code from one code set, and returns the corresponding code from another code set.

    $alpha2 = script_code2code('jwi',
		 LOCALE_CODE_ALPHA_3 => LOCALE_CODE_ALPHA_2);
    # $alpha2 will now be 'jw' (Javanese)

If the code passed is not a valid script code in the first code set, or if there isn't a code for the corresponding script in the second code set, then undef will be returned.

QUERY ROUTINES

There are two function which can be used to obtain a list of all codes, or all script names:

all_script_codes ( [ CODESET ] )

Returns a list of all two-letter script codes. The codes are guaranteed to be all lower-case, and not in any particular order.

all_script_names ( [ CODESET ] )

Returns a list of all script names for which there is a corresponding script code in the specified code set. The names are capitalised, and not returned in any particular order.

EXAMPLES

The following example illustrates use of the code2script() function. The user is prompted for a script code, and then told the corresponding script name:

$| = 1;   # turn off buffering

print "Enter script code: ";
chop($code = <STDIN>);
$script = code2script($code, LOCALE_CODE_ALPHA_2);
if (defined $script)
{
    print "$code = $script\n";
}
else
{
    print "'$code' is not a valid script code!\n";
}

KNOWN BUGS AND LIMITATIONS

  • When using script2code(), the script name must currently appear exactly as it does in the source of the module. For example,

    script2code('Egyptian hieroglyphs')

    will return eg, as expected. But the following will all return undef:

    script2code('hieroglyphs')
script2code('Egyptian Hieroglypics')

    If there's need for it, a future version could have variants for script names.

  • In the current implementation, all data is read in when the module is loaded, and then held in memory. A lazy implementation would be more memory friendly.

SEE ALSO

Locale::Language

ISO two letter codes for identification of language (ISO 639).

Locale::Currency

ISO three letter codes for identification of currencies and funds (ISO 4217).

Locale::Country

ISO three letter codes for identification of countries (ISO 3166)

ISO 15924

The ISO standard which defines these codes.

http://www.evertype.com/standards/iso15924/

Home page for ISO 15924.

AUTHOR

Neil Bowers <neil@bowers.com>

COPYRIGHT

Copyright (c) 2002-2004 Neil Bowers.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.