CVE-2026-7040 PUBLISHED

Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters

Assigner: CPANSec
Reserved: 25.04.2026 Published: 27.04.2026 Updated: 27.04.2026

Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters.

The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption.

Note that the minify_utf8 function is an alias for minify.

Product Status

Vendor RRWO
Product Text::Minify::XS
Versions Default: unaffected
  • affected from v0.3.0 to v0.7.8 (excl.)

Workarounds

Validate all strings passed to the minify and minify_utf8 functions.

Solutions

Upgrade to v0.7.8 or later.
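
The workaround and the version check combined, as an added example that is not part of the advisory or of the module's own code. It assumes the caller holds untrusted input as raw octets; `checked_minify`, `installed_is_affected` and the sample inputs are hypothetical names and constructed data.

```perl
use strict;
use warnings;
use version;
use Encode qw(decode FB_CROAK LEAVE_SRC);
use Text::Minify::XS ();

# Affected range as stated in the advisory: v0.3.0 up to, not including, v0.7.8.
my $FIRST_AFFECTED = version->parse('v0.3.0');
my $FIRST_FIXED    = version->parse('v0.7.8');

# True when the installed Text::Minify::XS falls inside the affected range.
sub installed_is_affected {
    my $v = version->parse( Text::Minify::XS->VERSION );
    return $v >= $FIRST_AFFECTED && $v < $FIRST_FIXED;
}

# Hypothetical wrapper: takes raw octets, returns minified text or dies.
sub checked_minify {
    my ($octets) = @_;
    die "rejected: undefined input\n" unless defined $octets;

    # 'UTF-8' (with hyphen) is Encode's strict decoder: truncated sequences,
    # overlong forms, surrogates and code points above U+10FFFF all fail.
    # FB_CROAK makes failure fatal; LEAVE_SRC keeps $octets unmodified.
    my $text = eval { decode( 'UTF-8', $octets, FB_CROAK | LEAVE_SRC ) };
    die "rejected: input is not well-formed UTF-8\n" unless defined $text;

    return Text::Minify::XS::minify($text);
}

warn "Text::Minify::XS is in the affected range; upgrade to v0.7.8 or later\n"
    if installed_is_affected();

# Constructed sample inputs (not taken from the advisory).
my %samples = (
    'valid'     => "caf\xC3\xA9   au  lait \n\n\n",
    'truncated' => "price: \xE2\x82",
    'overlong'  => "path \xC0\xAF end",
);

for my $name ( sort keys %samples ) {
    my $out = eval { checked_minify( $samples{$name} ) };
    if ( defined $out ) {
        printf "%-9s accepted (%d characters after minify)\n", $name, length $out;
    }
    else {
        print "$name rejected\n";
    }
}
```

Because the strict decode runs before the XS call, malformed input never reaches minify, whichever version is installed.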

Problem Types

  • CWE-176 Improper Handling of Unicode Encoding
  • CWE-122 Heap-based Buffer Overflow