CVE-2026-7040

Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minify.

high 7.5 CVSS 3.1
Published: Apr 27, 2026
Modified: Apr 28, 2026

Description

Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters.

The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption.

Note that the minify_utf8 function is an alias for minify.

References