Security Advisories (1)
CVE-2026-8177 (2026-05-10)

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi-byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process that passes attacker-controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.
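A caller-side pre-check for the condition described above, as an added example that is not part of XML::LibXML or of the advisory: it strictly decodes an untrusted name so that a string ending mid-sequence is rejected before it reaches a DOM node-name method. The helper name checked_node_name, the assumption that names arrive as raw bytes, and the sample inputs are all constructed for illustration.

```perl
use strict;
use warnings;
use Encode ();

# Hypothetical helper (not part of XML::LibXML): turn untrusted bytes into a
# character string that is safe to hand to a DOM node-name method, or die.
sub checked_node_name {
    my ($bytes) = @_;
    die "node name is undefined or empty\n"
        unless defined $bytes && length $bytes;

    # Strict decode: croaks on truncated or otherwise malformed sequences.
    # Decode a copy, because Encode may modify its input when CHECK is set.
    my $copy = $bytes;
    my $name = eval { Encode::decode('UTF-8', $copy, Encode::FB_CROAK) };
    die "node name is not well-formed UTF-8\n" unless defined $name;

    # Conservative subset of the XML Name production (assumption: one optional
    # prefix is accepted; extend the classes if you need the full grammar).
    die "node name is not a valid XML name\n"
        unless $name =~ /\A[\p{L}_][\p{L}\p{N}_.\-]*(?::[\p{L}_][\p{L}\p{N}_.\-]*)?\z/;

    return $name;
}

# Constructed sample inputs; the last two stop in the middle of a sequence.
my @samples = (
    [ 'ascii'            => "item" ],
    [ 'complete 2-byte'  => "caf\xC3\xA9" ],
    [ 'truncated 2-byte' => "caf\xC3" ],
    [ 'truncated 3-byte' => "price\xE2\x82" ],
);

for my $s (@samples) {
    my ($label, $bytes) = @$s;
    my $name = eval { checked_node_name($bytes) };
    chomp(my $why = $@ // '');
    printf "%-17s %s\n", $label, defined $name ? "accepted" : "rejected ($why)";
    # Only an accepted $name would go on to e.g. $doc->createElement($name).
}
```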

NAME

XML::LibXML::SAX::Generator - Generate SAX events from a LibXML tree

SYNOPSIS

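    use XML::LibXML;
    use XML::LibXML::SAX::Generator;

    # MySAXHandler stands for your own SAX handler class
    my $handler = MySAXHandler->new();
    my $generator = XML::LibXML::SAX::Generator->new(Handler => $handler);
    my $dom = XML::LibXML->new->parse_file("foo.xml");

    $generator->generate($dom);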

DESCRIPTION

THIS CLASS IS DEPRECATED! Use XML::LibXML::SAX::Parser instead!

This helper class allows you to generate SAX events from any XML::LibXML node, and all its sub-nodes. This basically gives you interop from XML::LibXML to other modules that may implement SAX.

It uses SAX2 style, but should be compatible with anything SAX1, by use of stringification overloading.

There is nothing to really know about, beyond the synopsis above, and a general knowledge of how to use SAX, which is beyond the scope here.