XML-Parser-2.27

Security Advisories (2)

CVE-2006-10002 (2026-03-19)

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.

CVE-2006-10003 (2026-03-19)

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

Changes for version 2.27 - 1999-09-25

Corrected documentation in Parser.pm
Deal with XML_NS and XML_BYTE_ORDER macros in Expat/Makefile.PL
Chris Thorman <chris@thorman.com> noted that "require 'URI::URL.pm'" in Parser.pm was in error (should be "require 'URI/URL.pm'")
Andrew McNaughton <andrew@scoop.co.nz> noted "use English" and use of '$&' slowed down regex handling for whole application, so they were excised from XML::Parser::Expat.
Work around "modification of read-only value" bug in perl 5.004
Enno Derksen <enno@att.com> reported that the Doctype handler wasn't being called when ParseParamEnt was set.
Now using Version 19990728 of expat, with local patches.
Got rid of shadow buffer o thus fixed the error reported by Ashley Sanders <a.sanders@mcc.ac.uk> o and removed ExpatNB limitations that Peter Billam <music@pjb.com.au> noted.
Vadim Konovalov <vkonovalov@lucent.com> had a problem compiling for multi-threading that was fixed by changing Perl_sv_setsv to sv_setsv.
Added new Expat method: skip_until(index)
Backward incompatible change to method xml_escape: to get former behavior use $xp->xml_escape($string, '>', ...)
Added utility, canonical, to samples

Modules

XML::Parser::Expat

Lowlevel access to James Clark's expat XML parser

XML::Parser

A perl module for parsing XML documents

Provides

XML::Parser::Debug

in Parser.pm

XML::Parser::Encinfo

in Expat/Expat.pm

XML::Parser::ExpatNB

in Expat/Expat.pm

XML::Parser::Objects

in Parser.pm

XML::Parser::Stream

in Parser.pm

XML::Parser::Subs

in Parser.pm

XML::Parser::Tree

in Parser.pm

Examples

Other files

To install XML::Parser, copy and paste the appropriate command in to your terminal.

cpanm

cpanm XML::Parser

CPAN shell

perl -MCPAN -e shell
install XML::Parser

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 2.27 - 1999-09-25

Modules

Provides

Examples

Other files

Module Install Instructions

Keyboard Shortcuts