Security Advisories (2)
CVE-2006-10002 (2026-03-19)

XML::Parser versions through 2.45 for Perl can overflow a pre-allocated buffer and corrupt the heap (double free or corruption), crashing the process. With a :utf8 PerlIO layer, parse_stream() in Expat.xs can overflow the XML input buffer because Perl's read() returns a count of decoded characters, while SvPV() hands back the multi-byte UTF-8 encoding of those characters, whose byte length can exceed the pre-allocated buffer size.
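The character/byte mismatch above, as an added illustration that is not code from XML::Parser or Expat.xs: a chunk of N characters obtained from a :utf8 read() occupies between N and 4N bytes once SvPV() exposes its UTF-8 form, so a buffer sized for N bytes is only safe for pure ASCII. The UTF-8 encoder, the 16-character sample chunk and the copy_chunk_checked() guard are assumptions made for this example; the hardened copy refuses to memcpy when the byte length exceeds the pre-allocated buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Illustrative model of the CVE-2006-10002 length mismatch. Added example,
 * not XML::Parser's own code. A :utf8 PerlIO read() yields N characters;
 * SvPV() then exposes their UTF-8 encoding, which is N..4N bytes.
 */

/* Bytes needed to UTF-8 encode one Unicode scalar value. */
static size_t utf8_len(uint32_t cp)
{
    if (cp < 0x80)    return 1;
    if (cp < 0x800)   return 2;
    if (cp < 0x10000) return 3;
    return 4;
}

/* Encode cp into out (room for 4 bytes); returns bytes written. */
static size_t utf8_encode(uint32_t cp, unsigned char *out)
{
    if (cp < 0x80) { out[0] = (unsigned char)cp; return 1; }
    if (cp < 0x800) {
        out[0] = (unsigned char)(0xC0 | (cp >> 6));
        out[1] = (unsigned char)(0x80 | (cp & 0x3F));
        return 2;
    }
    if (cp < 0x10000) {
        out[0] = (unsigned char)(0xE0 | (cp >> 12));
        out[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
        out[2] = (unsigned char)(0x80 | (cp & 0x3F));
        return 3;
    }
    out[0] = (unsigned char)(0xF0 | (cp >> 18));
    out[1] = (unsigned char)(0x80 | ((cp >> 12) & 0x3F));
    out[2] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
    out[3] = (unsigned char)(0x80 | (cp & 0x3F));
    return 4;
}

/* Total UTF-8 byte length of a decoded chunk of nchars characters:
   what SvPV() would report after a :utf8 read() of nchars characters. */
size_t chunk_utf8_bytes(const uint32_t *chars, size_t nchars)
{
    size_t total = 0;
    for (size_t i = 0; i < nchars; i++) total += utf8_len(chars[i]);
    return total;
}

/* Hardened copy: check the byte length against the buffer the parser
   pre-allocated before writing (the unchecked copy is the bug).
   Returns bytes copied, or 0 when the chunk would not fit. */
size_t copy_chunk_checked(const uint32_t *chars, size_t nchars,
                          unsigned char *buf, size_t bufsize)
{
    size_t need = chunk_utf8_bytes(chars, nchars);
    if (need > bufsize) return 0;   /* caller must request a buffer of `need` bytes */
    size_t off = 0;
    for (size_t i = 0; i < nchars; i++) off += utf8_encode(chars[i], buf + off);
    return off;
}

/* Constructed sample: a chunk of 16 copies of cp, as read() would return
   when asked for 16 characters from a :utf8 handle. */
size_t sample_chunk_bytes(uint32_t cp)
{
    uint32_t chars[16];
    for (int i = 0; i < 16; i++) chars[i] = cp;
    return chunk_utf8_bytes(chars, 16);
}

/* Copy that 16-character chunk into a 16-byte buffer (one byte per
   character, the sizing the bug assumes); 0 means the copy was refused. */
size_t sample_copy_into_16(uint32_t cp)
{
    uint32_t chars[16];
    unsigned char buf[16];
    for (int i = 0; i < 16; i++) chars[i] = cp;
    return copy_chunk_checked(chars, 16, buf, sizeof buf);
}

int main(void)
{
    printf("16 x 'a'     -> %zu bytes, copied %zu\n", sample_chunk_bytes('a'),    sample_copy_into_16('a'));
    printf("16 x U+00E9  -> %zu bytes, copied %zu\n", sample_chunk_bytes(0xE9),   sample_copy_into_16(0xE9));
    printf("16 x U+1F600 -> %zu bytes, copied %zu\n", sample_chunk_bytes(0x1F600), sample_copy_into_16(0x1F600));
    return 0;
}
```

Only the ASCII chunk fits the 16-byte buffer; the two-byte and four-byte characters need 32 and 64 bytes, and the guard refuses them instead of overrunning the allocation.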

CVE-2006-10003 (2026-03-19)

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1) the stack is NOT expanded; the new value is then written at location (++stackptr), which equals stacksize and therefore falls one element past the end of the allocated buffer. The bug can be triggered by parsing an XML document with very deep element nesting.
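The boundary condition described above, modelled as an added example that is not the st_serial_stack code from Expat.xs: the struct, the doubling growth policy, the initial size and the function names are assumptions; only the faulty check (no growth when stackptr == stacksize - 1, then a store at ++stackptr == stacksize) follows the advisory. The faulty push detects the out-of-bounds index instead of performing the write so the model runs safely; the corrected push grows when the next slot would be out of range.

```c
#include <stdlib.h>
#include <stdio.h>

/* Illustrative model of the CVE-2006-10003 off-by-one. Added example; the
   names and growth policy are assumptions, not Expat.xs code. */
typedef struct {
    int *stack;
    int  stackptr;   /* index of the top element; -1 when empty */
    int  stacksize;  /* slots allocated */
} serial_stack;

static int ss_init(serial_stack *s, int size)
{
    s->stack = malloc(sizeof(int) * (size_t)size);
    s->stackptr = -1;
    s->stacksize = size;
    return s->stack ? 0 : -1;
}

/* Assumed growth policy: double the allocation. */
static int ss_grow(serial_stack *s)
{
    int newsize = s->stacksize * 2;
    int *p = realloc(s->stack, sizeof(int) * (size_t)newsize);
    if (!p) return -1;
    s->stack = p;
    s->stacksize = newsize;
    return 0;
}

/* Faulty push: grows only once stackptr has reached stacksize, so when
   stackptr == stacksize - 1 nothing grows and the store at ++stackptr
   would land at index stacksize, one past the allocation. The model
   reports that index instead of writing to it.
   Returns 0 on success, 1 for an out-of-bounds write, -1 on OOM. */
static int push_faulty(serial_stack *s, int v)
{
    if (s->stackptr >= s->stacksize && ss_grow(s) != 0) return -1;
    if (s->stackptr + 1 >= s->stacksize) return 1;   /* heap overflow would happen here */
    s->stack[++s->stackptr] = v;
    return 0;
}

/* Corrected push: grow when the *next* slot would be out of range. */
static int push_fixed(serial_stack *s, int v)
{
    if (s->stackptr + 1 >= s->stacksize && ss_grow(s) != 0) return -1;
    if (s->stackptr + 1 >= s->stacksize) return 1;   /* cannot happen after a successful grow */
    s->stack[++s->stackptr] = v;
    return 0;
}

/* Push `depth` start-element markers (deeply nested document) onto a stack
   of `initial` slots. Returns the 1-based nesting depth at which the first
   out-of-bounds write would occur, 0 if none, -1 on OOM.
   fixed != 0 selects the corrected push. */
int first_oob_depth(int depth, int initial, int fixed)
{
    serial_stack s;
    int result = 0;
    if (ss_init(&s, initial) != 0) return -1;
    for (int d = 1; d <= depth; d++) {
        int rc = fixed ? push_fixed(&s, d) : push_faulty(&s, d);
        if (rc != 0) { result = rc < 0 ? -1 : d; break; }
    }
    free(s.stack);
    return result;
}

int main(void)
{
    printf("faulty: first out-of-bounds write at depth %d\n", first_oob_depth(10, 4, 0));
    printf("fixed : first out-of-bounds write at depth %d\n", first_oob_depth(10, 4, 1));
    return 0;
}
```

With four initial slots the faulty version fails on the fifth nested element, exactly the stackptr == stacksize - 1 case; the corrected version doubles the stack at that point and absorbs arbitrary nesting.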

use Config;   # %Config supplies libpth and so; the full Makefile.PL loads it earlier

# $expat_libpath and $expat_incpath come from the EXPATLIBPATH/EXPATINCPATH
# Makefile.PL arguments described in the message below; when no library path
# was given, probe the standard library directories.
unless ($expat_libpath) {
  # Test for existence of libexpat
  my $found = 0;
  foreach (split(/\s+/, $Config{libpth})) {
    if (-f "$_/libexpat." . $Config{so}) {
      $expat_libpath = $_;
      $found = 1;
      last;
    }
  }

  # On Windows a single hard-coded install location is probed as a fallback.
  if (!$found and $^O eq 'MSWin32') {
    if (-f 'C:/lib/Expat-2.0.0/Libs/libexpat.dll') {
      $expat_libpath = 'C:/lib/Expat-2.0.0/Libs';
      $expat_incpath = 'C:/lib/Expat-2.0.0/Source/lib';
      $found = 1;
    }
  }

  if ($found) {
    print "libexpat found in $expat_libpath\n";
  }

  unless ($found) {
    # The here-doc terminator deliberately includes the semicolon.
    warn <<'Expat_Not_Installed;';

Expat must be installed prior to building XML::Parser and I can't find it in the standard library directories. Install the 'expat-devel' package with your OS package manager.

Or you can download expat from:

http://sourceforge.net/projects/expat/

If expat is installed, but in a non-standard directory, then use the following options to Makefile.PL:

EXPATLIBPATH=...  To set the directory in which to find libexpat

EXPATINCPATH=...  To set the directory in which to find expat.h

For example:

perl Makefile.PL EXPATLIBPATH=/home/me/lib EXPATINCPATH=/home/me/include

Note that if you build against a shareable library in a non-standard location you may (on some platforms) also have to set your LD_LIBRARY_PATH environment variable at run time for perl to find the library.

Expat_Not_Installed;
    exit 0;
  }
}