Unrated severityNVD Advisory· Published Apr 17, 2025· Updated Nov 3, 2025
CVE-2025-32415
CVE-2025-32415
Description
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Affected products
59- osv-coords57 versionspkg:apk/chainguard/openjdk-11-openj9pkg:apk/chainguard/openjdk-11-openj9-dbgpkg:apk/chainguard/openjdk-11-openj9-default-jdkpkg:apk/chainguard/openjdk-11-openj9-default-jvmpkg:apk/chainguard/openjdk-11-openj9-default-policypkg:apk/chainguard/openjdk-11-openj9-docpkg:apk/chainguard/openjdk-11-openj9-jmodspkg:apk/chainguard/openjdk-11-openj9-jrepkg:apk/chainguard/openjdk-17-openj9pkg:apk/chainguard/openjdk-17-openj9-dbgpkg:apk/chainguard/openjdk-17-openj9-default-jdkpkg:apk/chainguard/openjdk-17-openj9-default-jvmpkg:apk/chainguard/openjdk-17-openj9-default-policypkg:apk/chainguard/openjdk-17-openj9-docpkg:apk/chainguard/openjdk-17-openj9-jmodspkg:apk/chainguard/openjdk-17-openj9-jrepkg:apk/chainguard/openjdk-21-openj9pkg:apk/chainguard/openjdk-21-openj9-dbgpkg:apk/chainguard/openjdk-21-openj9-default-jdkpkg:apk/chainguard/openjdk-21-openj9-default-jvmpkg:apk/chainguard/openjdk-21-openj9-default-policypkg:apk/chainguard/openjdk-21-openj9-docpkg:apk/chainguard/openjdk-21-openj9-jmodspkg:apk/chainguard/openjdk-21-openj9-jrepkg:apk/chainguard/openjdk-8-openj9pkg:apk/chainguard/openjdk-8-openj9-dbgpkg:apk/chainguard/openjdk-8-openj9-default-jdkpkg:apk/chainguard/openjdk-8-openj9-default-jvmpkg:apk/chainguard/openjdk-8-openj9-docpkg:apk/chainguard/openjdk-8-openj9-jrepkg:bitnami/javapkg:bitnami/java-minpkg:bitnami/jrepkg:rpm/almalinux/libxml2pkg:rpm/almalinux/libxml2-develpkg:rpm/almalinux/libxml2-staticpkg:rpm/almalinux/python3-libxml2pkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-libxml2-python&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python-libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
< 0.53.0-r0+ 56 more
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1.8.0
- (no CPE)range: < 2.9.7-21.el8_10.3
- (no CPE)range: < 2.9.7-21.el8_10.3
- (no CPE)range: < 2.12.5-9.el10_0
- (no CPE)range: < 2.9.7-21.el8_10.3
- (no CPE)range: < 2.10.3-150500.5.26.1
- (no CPE)range: < 2.13.8-1.1
- (no CPE)range: < 2.10.3-150500.5.26.1
- (no CPE)range: < 2.9.7-150000.3.79.1
- (no CPE)range: < 2.9.7-150000.3.79.1
- (no CPE)range: < 2.9.7-150000.3.79.1
- (no CPE)range: < 2.9.14-150400.5.41.1
- (no CPE)range: < 2.9.14-150400.5.41.1
- (no CPE)range: < 2.10.3-150500.5.26.1
- (no CPE)range: < 2.10.3-150500.5.26.1
- (no CPE)range: < 2.9.4-46.84.1
- (no CPE)range: < 2.11.6-8.1
- (no CPE)range: < 2.11.6-slfo.1.1_3.1
- (no CPE)range: < 2.9.14-150400.5.41.1
- (no CPE)range: < 2.9.14-150400.5.41.1
- (no CPE)range: < 2.10.3-150500.5.26.1
- (no CPE)range: < 2.10.3-150500.5.26.1
- (no CPE)range: < 2.10.3-150500.5.26.1
- (no CPE)range: < 2.9.4-46.84.1
- (no CPE)range: < 2.9.7-150000.3.79.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.