Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2025-15646

Gravedad CVSS v3.1:
CRÍTICA
Tipo:
CWE-125 Lectura fuera de límites
Fecha de publicación:
01/07/2026
Última modificación:
02/07/2026

Descripción

*** Pendiente de traducción *** HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion.<br /> <br /> Support for the element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the pointer addresses.<br /> <br /> Any caller that runs parse() with the default format =&gt; &amp;#39;string&amp;#39;, or with format =&gt; &amp;#39;tree&amp;#39;, on input containing a element serializes the over-read bytes into the returned result, disclosing bounded heap contents. format =&gt; &amp;#39;callback&amp;#39; reaches a croak on the unhandled node type and is unaffected.