/ 
XML-LibXML-2.0209
/ XML::LibXML::Comment
Security Advisories (1)
CVE-2026-8177 (2026-05-10)

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process that passes attacker controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.

NAME

XML::LibXML::Comment - XML::LibXML Comment Class

SYNOPSIS

use XML::LibXML;
# Only methods specific to Comment nodes are listed here,
# see the XML::LibXML::Node manpage for other methods

$node = XML::LibXML::Comment->new( $content );

DESCRIPTION

This class provides all functions of XML::LibXML::Text, but for comment nodes. This can be done, since only the output of the node types is different, but not the data structure. :-)

METHODS

The class inherits from XML::LibXML::Node. The documentation for Inherited methods is not listed here.

Many functions listed here are extensively documented in the DOM Level 3 specification (http://www.w3.org/TR/DOM-Level-3-Core/). Please refer to the specification for extensive documentation.

new
$node = XML::LibXML::Comment->new( $content );

The constructor is the only provided function for this package. It is required, because libxml2 treats text nodes and comment nodes slightly differently.

AUTHORS

Matt Sergeant, Christian Glahn, Petr Pajas

VERSION

2.0209

COPYRIGHT

2001-2007, AxKit.com Ltd.

2002-2006, Christian Glahn.

2006-2009, Petr Pajas.

LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.