
=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN433
_____________________________________________________________________

DATE                : 28/04/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Text::Minify::XS versions
                              prior to 0.7.8.

=====================================================================
https://lists.security.metacpan.org/cve-announce/msg/39360644/
_____________________________________________________________________

========================================================================
CVE-2026-7040                                        CPAN Security Group
========================================================================

         CVE ID:  CVE-2026-7040
   Distribution:  Text-Minify-XS
       Versions:  from v0.3.0 before v0.7.8

       MetaCPAN:  https://metacpan.org/dist/Text-Minify-XS
       VCS Repo:  https://github.com/robrwo/Text-Minify-XS

Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap
overflow when processing some malformed UTF-8 characters.

Description
-----------
Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a
heap overflow when processing some malformed UTF-8 characters.

The minify functions mishandled some malformed UTF-8 characters,
leading to heap corruption.

Note that the minify_utf8 function is an alias for minify.

Problem types
-------------
- CWE-176 Improper Handling of Unicode Encoding
- CWE-122 Heap-based Buffer Overflow

Workarounds
-----------
Validate all strings passed to the minify and minify_utf8
functions.
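
One way to apply this workaround, as an added example that is not part
of the advisory or of Text::Minify::XS: decode untrusted octets with
Encode's strict UTF-8 decoder and refuse anything that fails before it
reaches minify. The helper name minify_untrusted and the sample inputs
are constructed for illustration, and the example assumes that strict
decoding rejects the malformed sequences concerned.

```perl
use strict;
use warnings;
use Encode qw(decode);
use Text::Minify::XS qw(minify);

# Hypothetical helper (not part of Text::Minify::XS): takes raw octets from
# an untrusted source and returns the minified text, or dies if the octets
# are not well-formed UTF-8.
sub minify_untrusted {
    my ($octets) = @_;
    die "rejected: no input\n" unless defined $octets;

    # 'UTF-8' (with the hyphen) is Encode's strict decoder; the lax 'utf8'
    # encoding is more permissive. FB_CROAK turns any decoding error into
    # an exception instead of substituting U+FFFD.
    my $text = eval {
        decode('UTF-8', $octets, Encode::FB_CROAK | Encode::LEAVE_SRC);
    };
    die "rejected: input is not well-formed UTF-8\n" unless defined $text;

    # Second check: Perl's internal representation must be consistent.
    die "rejected: inconsistent internal string\n" unless utf8::valid($text);

    return minify($text);
}

# Constructed sample inputs (not taken from the advisory).
my @samples = (
    [ 'well-formed text'   => "caf\xC3\xA9   au  lait \n\n" ],
    [ 'truncated sequence' => "abc \xC3" ],
    [ 'stray continuation' => "abc \x80 def" ],
);

for my $sample (@samples) {
    my ($label, $octets) = @$sample;
    my $out = eval { minify_untrusted($octets) };
    if (defined $out) {
        printf "%-20s accepted, %d characters after minify\n",
            $label, length $out;
    }
    else {
        printf "%-20s %s", $label, $@;
    }
}
```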

Solutions
---------
Upgrade to v0.7.8 or later.

References
----------
https://github.com/robrwo/Text-Minify-XS/security/advisories/GHSA-jqhf-vv4h-77h2
https://metacpan.org/release/RRWO/Text-Minify-XS-v0.7.8/changes

Timeline
--------
- 2026-04-23: This issue was identified by CPANSec
- 2025-04-25: Fix uploaded to CPAN


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




