CVE-2025-15646

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
01/07/2026
Last modified:
02/07/2026

Description

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion.<br /> <br /> Support for the element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the pointer addresses.<br /> <br /> Any caller that runs parse() with the default format =&gt; &amp;#39;string&amp;#39;, or with format =&gt; &amp;#39;tree&amp;#39;, on input containing a element serializes the over-read bytes into the returned result, disclosing bounded heap contents. format =&gt; &amp;#39;callback&amp;#39; reaches a croak on the unhandled node type and is unaffected.