Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which cause an integer wrap and lead to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2006/2613
http://www.vupen.com/english/advisories/2006/0771
http://www.vupen.com/english/advisories/2005/2688
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://www.trustix.org/errata/2005/0070
http://www.securityfocus.com/bid/15629
http://www.securityfocus.com/archive/1/438726/100/0/threaded
http://www.securityfocus.com/archive/1/418333/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2005-881.html
http://www.redhat.com/support/errata/RHSA-2005-880.html
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
http://www.openbsd.org/errata37.html#perl
http://www.novell.com/linux/security/advisories/2005_71_perl.html
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
http://www.kb.cert.org/vuls/id/948385
http://www.ipcop.org/index.php?name=News&file=article&sid=41
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
http://www.dyadsecurity.com/perl-0002.html
http://www.debian.org/security/2006/dsa-943
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
http://secunia.com/advisories/31208
http://secunia.com/advisories/23155
http://secunia.com/advisories/20894
http://secunia.com/advisories/19041
http://secunia.com/advisories/18517
http://secunia.com/advisories/18413
http://secunia.com/advisories/18295
http://secunia.com/advisories/18187
http://secunia.com/advisories/18183
http://secunia.com/advisories/18075
http://secunia.com/advisories/17993
http://secunia.com/advisories/17952
http://secunia.com/advisories/17941
http://secunia.com/advisories/17844
http://secunia.com/advisories/17802
http://secunia.com/advisories/17762
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://docs.info.apple.com/article.html?artnum=304829
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056