vulnerability

Red Hat: CVE-2025-32415: libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (Multiple Advisories)

Name: Red Hat: CVE-2025-32415: libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (Multiple Advisories)
Creator: Red Hat
Published: 2025-04-17T00:00:00.000Z
Keywords: CVE, CWE-125, CWE-1284, Red Hat, 2025, 32415, libxml2, redhat-upgrade-libxml2, redhat-upgrade-libxml2-debuginfo, redhat-upgrade-libxml2-debugsource, redhat-upgrade-libxml2-devel, redhat-upgrade-libxml2-python, redhat-upgrade-libxml2-static, redhat-upgrade-python3-libxml2, redhat-upgrade-python3-libxml2-debuginfo, Severity 8

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Apr 17, 2025

Added

Jul 9, 2025

Modified

Jun 17, 2026

Description

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Solutions

redhat-upgrade-libxml2redhat-upgrade-libxml2-debuginforedhat-upgrade-libxml2-debugsourceredhat-upgrade-libxml2-develredhat-upgrade-libxml2-pythonredhat-upgrade-libxml2-staticredhat-upgrade-python3-libxml2redhat-upgrade-python3-libxml2-debuginfo

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report