Skip to main content
Version: v1.1.x

CVE-2026-57432

CVE Details

Visit the official vulnerability details page for CVE-2026-57432 to learn more.

Initial Publication

07/13/2026

Last Update

07/14/2026

Third Party Dependency

perl

NIST CVE Summary

Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack.

S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds.

A template derived from untrusted input can read heap memory past the buffer and return it to the caller.

CVE Severity

8.4

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Analyzed

Affected Products & Versions

VersionPaletteAIPaletteAI VerteX
1.1.8⚠️ Impacted⚠️ Impacted

Revision History

No revisions available.