UBUNTU-CVE-2026-57074

Source
https://ubuntu.com/security/CVE-2026-57074
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57074.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-57074
Upstream
  • CVE-2026-57074
Published
2026-07-17T00:00:00Z
Modified
2026-07-17T14:31:22.433623409Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read.

References

Affected packages

Ubuntu:16.04:LTS
libxml-bare-perl

Package

Name
libxml-bare-perl
Purl
pkg:deb/ubuntu/libxml-bare-perl?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.53-1build1
0.53-1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.53-1build2",
            "binary_name": "libxml-bare-perl"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57074.json"
Ubuntu:18.04:LTS
libxml-bare-perl

Package

Name
libxml-bare-perl
Purl
pkg:deb/ubuntu/libxml-bare-perl?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.53-1build4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.53-1build4",
            "binary_name": "libxml-bare-perl"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57074.json"
Ubuntu:20.04:LTS
libxml-bare-perl

Package

Name
libxml-bare-perl
Purl
pkg:deb/ubuntu/libxml-bare-perl?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.53-1build5
0.53-1build6

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.53-1build6",
            "binary_name": "libxml-bare-perl"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57074.json"
Ubuntu:22.04:LTS
libxml-bare-perl

Package

Name
libxml-bare-perl
Purl
pkg:deb/ubuntu/libxml-bare-perl?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.53-1build7
0.53-1build8

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.53-1build8",
            "binary_name": "libxml-bare-perl"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57074.json"
Ubuntu:24.04:LTS
libxml-bare-perl

Package

Name
libxml-bare-perl
Purl
pkg:deb/ubuntu/libxml-bare-perl?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.53-2build1
0.53-2build2
0.53-2build3
0.53-2build4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.53-2build4",
            "binary_name": "libxml-bare-perl"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57074.json"
Ubuntu:26.04:LTS
libxml-bare-perl

Package

Name
libxml-bare-perl
Purl
pkg:deb/ubuntu/libxml-bare-perl?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.53-4build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.53-4build1",
            "binary_name": "libxml-bare-perl"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57074.json"