Security Advisories (11)

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-2025-40909 (2025-05-30)

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

NAME

Pod::Html - module to convert pod files to HTML

SYNOPSIS

use Pod::Html;
pod2html([options]);

DESCRIPTION

Converts files from pod format (see perlpod) to HTML format. It can automatically generate indexes and cross-references, and it keeps a cache of things it knows how to cross-reference.

FUNCTIONS

pod2html

pod2html("pod2html",
         "--podpath=lib:ext:pod:vms",
         "--podroot=/usr/src/perl",
         "--htmlroot=/perl/nmanual",
         "--recurse",
         "--infile=foo.pod",
         "--outfile=/perl/nmanual/foo.html");

pod2html takes the following arguments:

backlink

--backlink

Turns every head1 heading into a link back to the top of the page. By default, no backlinks are generated.

cachedir

--cachedir=name

Creates the directory cache in the given directory.

css

--css=stylesheet

Specify the URL of a cascading style sheet. Also disables all HTML/CSS style attributes that are output by default (to avoid conflicts).

flush

--flush

Flushes the directory cache.

header

--header
--noheader

Creates header and footer blocks containing the text of the NAME section. By default, no headers are generated.

help

--help

Displays the usage message.

htmldir

--htmldir=name

Sets the directory to which all cross references in the resulting html file will be relative. Not passing this causes all links to be absolute since this is the value that tells Pod::Html the root of the documentation tree.

Do not use this and --htmlroot in the same call to pod2html; they are mutually exclusive.

htmlroot

--htmlroot=name

Sets the base URL for the HTML files. When cross-references are made, the HTML root is prepended to the URL.

Do not use this if relative links are desired: use --htmldir instead.

Do not pass both this and --htmldir to pod2html; they are mutually exclusive.

index

--index
--noindex

Generate an index at the top of the HTML file. This is the default behaviour.

infile

--infile=name

Specify the pod file to convert. Input is taken from STDIN if no infile is specified.

outfile

--outfile=name

Specify the HTML file to create. Output goes to STDOUT if no outfile is specified.

poderrors

--poderrors
--nopoderrors

Include a "POD ERRORS" section in the outfile if there were any POD errors in the infile. This section is included by default.

podpath

--podpath=name:...:name

Specify which subdirectories of the podroot contain pod files whose HTML converted forms can be linked to in cross references.

podroot

--podroot=name

Specify the base directory for finding library pods. Default is the current working directory.

quiet

--quiet
--noquiet

Don't display mostly harmless warning messages. These messages will be displayed by default. But this is not the same as verbose mode.

recurse

--recurse
--norecurse

Recurse into subdirectories specified in podpath (default behaviour).

title

--title=title

Specify the title of the resulting HTML file.

verbose

--verbose
--noverbose

Display progress messages. By default, they won't be displayed.

htmlify

htmlify($heading);

Converts a pod section specification to a suitable section specification for HTML. Note that we keep spaces and special characters except ", ? (Netscape problem) and the hyphen (writer's problem...).

anchorify

anchorify(@heading);

Similar to htmlify(), but turns non-alphanumerics into underscores. Note that anchorify() is not exported by default.

ENVIRONMENT

Uses $Config{pod2html} to setup default options.

AUTHOR

Marc Green, <marcgreen@cpan.org>.

Original version by Tom Christiansen, <tchrist@perl.com>.

COPYRIGHT

This program is distributed under the Artistic License.

To install less, copy and paste the appropriate command in to your terminal.

cpanm

cpanm less

CPAN shell

perl -MCPAN -e shell
install less

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)