/ 
XML-LibXML-1.64
/ XML::LibXML::Comment
Security Advisories (3)
CVE-2015-3451 (2015-04-23)

The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

CVE-2017-10672 (2015-04-23)

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

CVE-2026-8177 (2026-05-10)

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process that passes attacker controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.

NAME

XML::LibXML::Comment - XML::LibXML Comment Class

SYNOPSIS

use XML::LibXML;
# Only methods specific to Comment nodes listed here,
# see XML::LibXML::Node manpage for other methods

$node = XML::LibXML::Comment( $content );

DESCRIPTION

This class provides all functions of XML::LibXML::Text, but for comment nodes. This can be done, since only the output of the node types is different, but not the data structure. :-)

new
$node = XML::LibXML::Comment( $content );

The constructor is the only provided function for this package. It is required, because libxml2 treats text nodes and comment nodes slightly differently.

AUTHORS

Matt Sergeant, Christian Glahn, Petr Pajas,

VERSION

1.64

COPYRIGHT

2001-2007, AxKit.com Ltd; 2002-2006 Christian Glahn; 2006-2007 Petr Pajas, All rights reserved.