CVSS: 2.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32415 – Ubuntu Security Notice USN-7467-1
https://notcve.org/view.php?id=CVE-2025-32415
17 Apr 2025 — In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. It was discovered that libxml2 i... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32414 – Ubuntu Security Notice USN-7467-1
https://notcve.org/view.php?id=CVE-2025-32414
08 Apr 2025 — In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. It was discovered that libxml2 incorrect... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 • CWE-393: Return of Wrong Status Code •