/ 
XML-LibXML-1.54 UNAUTHORIZED RELEASE
/ XML::LibXML::SAX::Generator
Security Advisories (3)
CVE-2015-3451 (2015-04-23)

The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

CVE-2017-10672 (2015-04-23)

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

CVE-2026-8177 (2026-05-10)

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process that passes attacker controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.

NAME

XML::LibXML::SAX::Generator - Generate SAX events from a LibXML tree

SYNOPSIS

my $handler = MySAXHandler->new();
my $generator = XML::LibXML::SAX::Generator->new(Handler => $handler);
my $dom = XML::LibXML->new->parse_file("foo.xml");

$generator->generate($dom);

DESCRIPTION

This helper class allows you to generate SAX events from any XML::LibXML node, and all it's sub-nodes. This basically gives you interop from XML::LibXML to other modules that may implement SAX.

It uses SAX2 style, but should be compatible with anything SAX1, by use of stringification overloading.

There is nothing to really know about, beyond the synopsis above, and a general knowledge of how to use SAX, which is beyond the scope here.