PT-2025-15328 · Libxml2+11 · Libxml2+11
Published
2025-04-07
·
Updated
2026-05-08
·
CVE-2025-32414
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
libxml2 versions prior to 2.13.8
libxml2 versions 2.14.x prior to 2.14.2
Description
The vulnerability in libxml2 is related to out-of-bounds memory access in the Python API due to an incorrect return value. This occurs in
xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. Exploitation of this vulnerability can allow a remote attacker to cause a denial of service.Recommendations
For libxml2 versions prior to 2.13.8, update to version 2.13.8 or later.
For libxml2 versions 2.14.x prior to 2.14.2, update to version 2.14.2 or later.
As a temporary workaround, consider disabling the
xmlPythonFileRead and xmlPythonFileReadRaw functions until a patch is available.Exploit
Fix
DoS
Unchecked Return Value
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libxml2