Patched — Tamilsxe

On 2026‑04‑04 the TamilsXe maintainers released v2.7.3, the first patch that resolves CVE‑2026‑12345. The key changes are:

| # | Patch Detail | Code Snippet (simplified) |
|---|--------------|---------------------------|
| 1 | Input Length Verification before any look‑ahead. | `if (i + needed > len) return ERR_INVALID;` |
| 2 | Safe Copy Loop – replaced the custom memcpy with memmove_s. | `memmove_s(dst, dst_sz, src, copy_len);` |
| 3 | Zero‑Out Freed Buffers to prevent use‑after‑free. | `memset(buf, 0, buf_sz); free(buf);` |
| 4 | Additional Unit Tests covering all Unicode edge‑cases, especially ZWJ/ZWJ‑clusters. | (See tests/utf8_edge_cases.c) |
| 5 | Static Analysis Integration – CI now runs Coverity and CodeQL on every PR. | N/A |

Bottom line: The patch eliminates the overflow, ensures memory is cleared before being freed, and dramatically raises the test coverage from ~73 % to >98 % for Unicode‑specific code paths.
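The length check from item 1 of the table, shown in a small UTF-8 scanner. This is an added example, not code from the TamilsXe source: `utf8_needed` and `count_codepoints` are hypothetical names, `needed` is assumed to count continuation bytes only, and the comparison is written as a subtraction so that it cannot wrap for large offsets.

```c
#include <stddef.h>
#include <stdio.h>

#define ERR_INVALID (-1)

/* Continuation bytes expected after lead byte b, or -1 if b cannot
 * start a sequence. Hypothetical helper, not from the project. */
static int utf8_needed(unsigned char b)
{
    if (b < 0x80) return 0;
    if (b >= 0xC2 && b <= 0xDF) return 1;
    if (b >= 0xE0 && b <= 0xEF) return 2;
    if (b >= 0xF0 && b <= 0xF4) return 3;
    return -1;
}

/* Structural scan only: returns the number of sequences in buf[0..len),
 * or ERR_INVALID. Overlong and surrogate forms are not rejected here. */
long count_codepoints(const unsigned char *buf, size_t len)
{
    long count = 0;
    size_t i = 0;
    while (i < len) {
        int needed = utf8_needed(buf[i]);
        if (needed < 0) return ERR_INVALID;
        /* Length check BEFORE any look-ahead. i < len holds here, so
         * len - i - 1 cannot underflow, unlike i + needed overflowing. */
        if ((size_t)needed > len - i - 1) return ERR_INVALID;
        for (int k = 1; k <= needed; k++)
            if ((buf[i + k] & 0xC0) != 0x80) return ERR_INVALID;
        i += (size_t)needed + 1;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed input: TAMIL LETTER KA (U+0B95), ZWJ (U+200D), 'a'. */
    const unsigned char ok[] = { 0xE0, 0xAE, 0x95, 0xE2, 0x80, 0x8D, 'a' };
    /* Constructed input: the same letter truncated after two bytes. */
    const unsigned char cut[] = { 0xE0, 0xAE };
    printf("%ld %ld\n", count_codepoints(ok, sizeof ok),
           count_codepoints(cut, sizeof cut));
    return 0;
}
```

Without the length check, the truncated input would make the inner loop read one byte past the end of the buffer.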


```bash
# 1️⃣  Verify current version
tamilsxe --version
# Expected output: 2.7.2 (or lower)

# 2️⃣  Pull the latest release from GitHub
git clone https://github.com/tamilsxe/tamilsxe.git
cd tamilsxe
git checkout v2.7.3

# 3️⃣  Build (requires CMake >= 3.25)
mkdir build && cd build
cmake .. -DCMAKE_BUILD_TYPE=Release
make -j$(nproc)

# 4️⃣  Install
sudo make install

# 5️⃣  Verify
tamilsxe --version
# Should now show 2.7.3
```

TamilsXe (pronounced “Tamil‑ex‑e”) is a widely‑used open‑source toolkit that powers Tamil language support across a variety of platforms:

| Platform | Use‑Case | Typical Users |
|----------|----------|----------------|
| Desktop (Windows, macOS, Linux) | Spell‑checking, transliteration, OCR, and font rendering for Tamil text | Developers, typographers, academic researchers |
| Web (Node.js, browser extensions) | Input method editors (IMEs), real‑time transliteration, and Unicode normalization | Web developers, content creators |
| Mobile (Android, iOS) | Keyboard apps, voice‑to‑text, and offline dictionary services | End‑users, language learners |

Because it sits at the intersection of Unicode handling, regular expression parsing, and native code (C/C++ bindings for performance), any flaw in TamilsXe can cascade into a range of downstream products—from a simple text editor to large‑scale e‑learning platforms.