CVSS: 2.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32415 – Ubuntu Security Notice USN-7467-1
https://notcve.org/view.php?id=CVE-2025-32415
17 Apr 2025 — In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. It was discovered that libxml2 i... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32414 – libxml2: Out-of-Bounds Read in libxml2
https://notcve.org/view.php?id=CVE-2025-32414
08 Apr 2025 — In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access via incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw, due to a mismatch between bytes and characters. It was discovered t... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 • CWE-393: Return of Wrong Status Code •