PT-2025-17209 · Libxml2+12

Published: 2025-04-05 · Updated: 2026-05-08 · CVE-2025-32415

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libxml2 versions 2.13.7 and earlier
libxml2 versions 2.14.x before 2.14.2

Description

The issue is a heap-based buffer under-read in the xmlSchemaIDCFillNodeTables function in xmlschemas.c. It can be exploited by validating a crafted XML document against an XML schema with certain identity constraints, or by using a crafted XML schema.

Recommendations

For libxml2 versions 2.13.7 and earlier, update to version 2.13.8 or later.
For libxml2 versions 2.14.x before 2.14.2, update to version 2.14.2 or later.

Exploit

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2025:13203
ALSA-2025:13428
ALSA-2025:13429
ALT-PU-2025-13303
ALT-PU-2025-13305
ALT-PU-2025-8169
AZL-60863
AZL-60886
BDU:2025-06564
BIT-JAVA-2025-32415
BIT-JAVA-MIN-2025-32415
BIT-JRE-2025-32415
CESA-2025_13203
CVE-2025-32415
DLA-4146-1
DSA-5949-1
ECHO-61DF-2010-4130
INFSA-2025_13203
INFSA-2025_13428
MGASA-2025-0139
OESA-2025-1455
OESA-2025-1456
OESA-2025-1457
OESA-2025-1458
OESA-2025-1459
OPENSUSE-SU-2025:15019-1
OPENSUSE-SU-2025_1435-1
OPENSUSE-SU-2025_1438-1
OPENSUSE-SU-2025_1439-1
RHSA-2025:13203
RHSA-2025:13428
RHSA-2025:13429
RHSA-2025:13677
RHSA-2025:13683
RHSA-2025:13684
RHSA-2025:13688
RHSA-2025:13689
RHSA-2025:13788
RHSA-2025:13789
RHSA-2025:13806
RHSA-2025_13203
RHSA-2025_13428
RHSA-2026:7519
SUSE-SU-2025:1435-1
SUSE-SU-2025:1438-1
SUSE-SU-2025:1439-1
SUSE-SU-2025:1440-1
SUSE-SU-2025:20333-1
SUSE-SU-2025:20364-1
USN-7467-1
USN-7467-2
USN-7896-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libxml2