Security Advisories (1)
CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

NAME

exetype - Change executable subsystem type between "Console" and "Windows"

SYNOPSIS

C:\perl\bin> copy perl.exe guiperl.exe
C:\perl\bin> exetype guiperl.exe windows

DESCRIPTION

This program edits an executable file to indicate which subsystem the operating system must invoke for execution.

You can specify any of the following subsystems:

CONSOLE

The CONSOLE subsystem handles a Win32 character-mode application that uses a console supplied by the operating system.

WINDOWS

The WINDOWS subsystem handles an application that does not require a console and creates its own windows, if required.

NATIVE

The NATIVE subsystem handles a Windows NT device driver.

WINDOWSCE

The WINDOWSCE subsystem handles Windows CE consumer electronics applications.

POSIX

The POSIX subsystem handles a POSIX application in Windows NT.
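
The following Python example is added here and is not part of exetype or its source. It reads and rewrites the 16-bit Subsystem field of the PE optional header, where a Windows executable records the choice described above. The function names and the header-only sample image are constructed for this illustration; the numeric codes are those defined by the PE/COFF format for the five names listed on this page.

```python
import struct

# PE/COFF Subsystem codes for the five names this page lists.
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS", 3: "CONSOLE", 7: "POSIX", 9: "WINDOWSCE"}
SUBSYSTEM_OFFSET = 68  # offset of Subsystem in the optional header (PE32 and PE32+)

def subsystem_offset(image: bytes) -> int:
    """Return the file offset of the Subsystem field, validating each header first."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    opt_off = pe_off + 4 + 20                           # PE signature + COFF header
    if opt_off + SUBSYSTEM_OFFSET + 2 > len(image):
        raise ValueError("truncated PE header")
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 4 + 16)
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B) or opt_size < SUBSYSTEM_OFFSET + 2:
        raise ValueError("unsupported optional header")
    return opt_off + SUBSYSTEM_OFFSET

def get_subsystem(image: bytes) -> str:
    (code,) = struct.unpack_from("<H", image, subsystem_offset(image))
    return SUBSYSTEMS.get(code, f"UNKNOWN({code})")

def set_subsystem(image: bytes, name: str) -> bytes:
    """Return a copy of image with Subsystem changed; the input is left untouched."""
    codes = {v: k for k, v in SUBSYSTEMS.items()}
    if name.upper() not in codes:
        raise ValueError(f"unknown subsystem {name!r}")
    out = bytearray(image)
    struct.pack_into("<H", out, subsystem_offset(image), codes[name.upper()])
    return bytes(out)

def build_sample(code: int = 3) -> bytes:
    """Constructed header-only PE32 image (not a runnable program) for the demo."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, SUBSYSTEM_OFFSET, code)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    img = build_sample()
    print(get_subsystem(img), "->", get_subsystem(set_subsystem(img, "windows")))
```

The Subsystem field lies inside the region an Authenticode signature hashes, so a signed executable no longer verifies after this field is changed.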

AUTHOR

Jan Dubois <jand@activestate.com>