========================================================================
CVE-2026-13593                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2026-13593
  Distribution:  CSS-Minifier-XS
      Versions:  before 0.14

      MetaCPAN:  https://metacpan.org/dist/CSS-Minifier-XS
      VCS Repo:  https://github.com/bleargh45/CSS-Minifier-XS


CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when
the entire document is minified away

Description
-----------
CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when
the entire document is minified away.

The minify function has a memory leak when processing a document
containing only characters to be removed, such as comments and
whitespace.

Problem types
-------------
- CWE-401 Missing Release of Memory after Effective Lifetime

Solutions
---------
Upgrade to CSS::Minifier::XS version 0.14 or later.


References
----------
https://metacpan.org/release/GTERMARS/CSS-Minifier-XS-0.14/changes



Reply via email to