Security Advisories (3)
CVE-2015-3451 (2015-04-23)

The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
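A regression check for the failure mode this advisory describes, added here as an example and not taken from the XML::LibXML distribution: it parses a constructed document through the `new` and `load_xml` entry points with `expand_entities => 0` and confirms the entity is left as a reference node. The helper name `entity_left_unexpanded` and the sample document are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::LibXML;   # exports node-type constants such as XML_ENTITY_REF_NODE

# Constructed sample input: an internal entity only, so the check needs
# no file system or network access.
my $xml = <<'XML';
<?xml version="1.0"?>
<!DOCTYPE r [ <!ENTITY e "EXPANDED"> ]>
<r>&e;</r>
XML

# Parser options a defender would set for untrusted input.
my %safe = (expand_entities => 0, load_ext_dtd => 0, no_network => 1);

# Hypothetical helper: true when the parser kept &e; as an entity
# reference node instead of substituting its replacement text.
sub entity_left_unexpanded {
    my ($doc) = @_;
    my $child = $doc->documentElement->firstChild;
    return defined $child && $child->nodeType == XML_ENTITY_REF_NODE;
}

# Each entry point named in the advisory, plus plain parse_string as a baseline.
my %paths = (
    'new + parse_string'        => sub { XML::LibXML->new(%safe)->parse_string($xml) },
    'new + load_xml (instance)' => sub { XML::LibXML->new(%safe)->load_xml(string => $xml) },
    'load_xml (class method)'   => sub { XML::LibXML->load_xml(string => $xml, %safe) },
);

my $failed = 0;
for my $name (sort keys %paths) {
    my $ok = entity_left_unexpanded($paths{$name}->());
    printf "%-28s %s\n", $name, $ok ? 'ok' : 'ENTITY EXPANDED';
    $failed++ unless $ok;
}

# Non-zero exit lets a CI job or deployment check fail on a parser that
# ignores the option.
exit($failed ? 1 : 0);
```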

CVE-2017-10672 (2015-04-23)

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

CVE-2026-8177 (2026-05-10)

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multibyte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process that passes attacker-controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.

NAME

XML::LibXML::DOM - XML::LibXML DOM implementation

DESCRIPTION

XML::LibXML implements a native DOM so the parsed structures are accessible from the Perl layer. The current implementation offers an alternative interface to many DOM functions in addition to the specified functions. These alternative functions will be removed in future versions or renamed to Perl-style names.

XML::LibXML's DOM implementation tries to follow the various DOM specs, although not all interfaces are implemented yet. Some effort is also made to follow the XPath DOM extensions. Many functions that are specified for DOM are already present in XML::LibXML's DOM API but are still not documented.

Although XML::LibXML provides the more important interfaces to node structures, not all node types are implemented (yet). The more common functions are provided by XML::LibXML::Node, so it should be possible to access most parts of the document. Since XML::LibXML wraps only the document structure provided by libxml2, XML::LibXML::Node will not work properly with nodes found in a DTD, since they are not nodes in the context of libxml2. Besides that, XML::LibXML's DOM API should provide a more Perlish interface to the DOM structure libxml2 generates.

AUTHOR

Matt Sergeant, Christian Glahn

VERSION

1.49