CVSS: 2.9EPSS: %CPEs: 2EXPL: 0CVE-2025-32415
https://notcve.org/view.php?id=CVE-2025-32415
17 Apr 2025 — In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32414
https://notcve.org/view.php?id=CVE-2025-32414
08 Apr 2025 — In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 • CWE-393: Return of Wrong Status Code •