Gentoo Linux Security Advisory GLSA 200512-01 – Jack Louis discovered a new way to exploit format string errors in Perl that could lead to the execution of arbitrary code. This is performed by causing an integer wrap overflow in the efix variable inside the function Perl_sv_vcatpvfn. The proposed fix closes that specific exploitation vector to mitigate the risk of format string programming errors in Perl. This fix does not remove the need to fix such errors in Perl code. Versions less than 5.8.7-r3 are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/42243/glsa-200512-01.txt
Source: https://packetstormsecurity.com/files/42243/Gentoo-Linux-Security-Advisory-200512-1.html