Critical Memory Disclosure Vulnerability in Fedora's perl-HTML-Gumbo Module

Critical Memory Disclosure Vulnerability in Fedora's perl-HTML-Gumbo Module

First seen 11 Jul 2026, 23:28 UTC Linuxsecurity 99% similarity 69.9

Article Content

Browse articles
ThreatCluster

Fedora's perl-HTML-Gumbo module versions prior to 0.19 are vulnerable to a critical information disclosure issue due to type confusion. This flaw allows attackers to disclose heap memory, potentially exposing sensitive data. The vulnerability was identified in the walk_tree function of the module, which misinterprets certain HTML elements as text nodes. The issue affects all Fedora versions using the affected module, with a CVE-2025-15646 published on July 1, 2026. The vulnerability was addressed in an update released on May 30, 2026, by Emmanuel Seyman, who updated the module to version 0.19. Users are advised to upgrade their installations to mitigate the risk. The flaw has been categorized as critical due to its potential impact on user data security.

Key Points: • Fedora's perl-HTML-Gumbo module versions before 0.19 are vulnerable to memory disclosure. • The vulnerability is due to type confusion in the walk_tree function, exposing heap memory. • Users are urged to upgrade to version 0.19 to mitigate the risk of exploitation.

ThreatCluster AI

Timeline

2026-05-30
Update to perl-HTML-Gumbo released
Emmanuel Seyman released version 0.19, addressing the critical memory disclosure vulnerability.
Linuxsecurity
2026-07-01
CVE-2025-15646 published
CVE-2025-15646 details a critical information disclosure vulnerability in perl-HTML-Gumbo.
Linuxsecurity

Community

Browse all →