INFSA-2025:13428: libxml2 security update

Information about definition

Identifier: INFSA-2025:13428

Type: security

Release date: 2025-08-13 13:48:36 UTC

Information about package

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Vulnerabilities description

  • CVE-2025-32414

    In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

  • CVE-2025-32415

    A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.

Severity level

CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0
    | no information | 5.6            | no information
    | no information | 7.5            | no information
Critical, important, moderate, low

Updated packages