Bug 2360768 (CVE-2025-32415) - CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
Summary: CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
Keywords:
Status: NEW
Alias: CVE-2025-32415
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2360875 2360876 2360877 2360878 2360883 2360884 2360885 2360886 2360887 2360888 2360889 2360890 2360879 2360880 2360881 2360882
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-04-17 18:01 UTC by OSIDB Bzimport
Modified: 2025-09-25 09:08 UTC (History)
19 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:13341 0 None None None 2025-08-07 09:16:00 UTC
Red Hat Product Errata RHBA-2025:13404 0 None None None 2025-08-07 10:52:46 UTC
Red Hat Product Errata RHBA-2025:13422 0 None None None 2025-08-07 11:54:48 UTC
Red Hat Product Errata RHBA-2025:13510 0 None None None 2025-08-07 22:23:23 UTC
Red Hat Product Errata RHBA-2025:13539 0 None None None 2025-08-11 01:02:34 UTC
Red Hat Product Errata RHBA-2025:13543 0 None None None 2025-08-11 01:05:25 UTC
Red Hat Product Errata RHBA-2025:13624 0 None None None 2025-08-11 13:00:53 UTC
Red Hat Product Errata RHBA-2025:13625 0 None None None 2025-08-11 13:00:43 UTC
Red Hat Product Errata RHBA-2025:13784 0 None None None 2025-08-13 09:19:47 UTC
Red Hat Product Errata RHBA-2025:13798 0 None None None 2025-08-13 15:50:28 UTC
Red Hat Product Errata RHBA-2025:14113 0 None None None 2025-08-19 19:52:22 UTC
Red Hat Product Errata RHBA-2025:14632 0 None None None 2025-08-26 14:28:26 UTC
Red Hat Product Errata RHBA-2025:14850 0 None None None 2025-08-28 09:45:55 UTC
Red Hat Product Errata RHBA-2025:15125 0 None None None 2025-09-03 15:28:45 UTC
Red Hat Product Errata RHBA-2025:15573 0 None None None 2025-09-09 17:39:00 UTC
Red Hat Product Errata RHSA-2025:13203 0 None None None 2025-08-06 11:35:43 UTC
Red Hat Product Errata RHSA-2025:13428 0 None None None 2025-08-07 13:20:12 UTC
Red Hat Product Errata RHSA-2025:13429 0 None None None 2025-08-07 13:21:43 UTC
Red Hat Product Errata RHSA-2025:13677 0 None None None 2025-08-12 09:39:06 UTC
Red Hat Product Errata RHSA-2025:13681 0 None None None 2025-08-14 13:51:11 UTC
Red Hat Product Errata RHSA-2025:13683 0 None None None 2025-08-12 12:25:10 UTC
Red Hat Product Errata RHSA-2025:13684 0 None None None 2025-08-12 12:22:15 UTC
Red Hat Product Errata RHSA-2025:13688 0 None None None 2025-08-12 12:53:18 UTC
Red Hat Product Errata RHSA-2025:13689 0 None None None 2025-08-12 12:42:10 UTC
Red Hat Product Errata RHSA-2025:13788 0 None None None 2025-08-13 10:35:44 UTC
Red Hat Product Errata RHSA-2025:13789 0 None None None 2025-08-13 10:41:34 UTC
Red Hat Product Errata RHSA-2025:13806 0 None None None 2025-08-13 15:57:12 UTC
Red Hat Product Errata RHSA-2025:14059 0 None None None 2025-08-27 21:45:14 UTC
Red Hat Product Errata RHSA-2025:14818 0 None None None 2025-09-04 17:01:56 UTC
Red Hat Product Errata RHSA-2025:14819 0 None None None 2025-09-02 19:23:55 UTC
Red Hat Product Errata RHSA-2025:14853 0 None None None 2025-09-04 17:04:18 UTC
Red Hat Product Errata RHSA-2025:14858 0 None None None 2025-09-04 17:04:34 UTC
Red Hat Product Errata RHSA-2025:15308 0 None None None 2025-09-11 12:01:05 UTC
Red Hat Product Errata RHSA-2025:15672 0 None None None 2025-09-18 05:45:03 UTC
Red Hat Product Errata RHSA-2025:16159 0 None None None 2025-09-25 09:08:01 UTC

Description OSIDB Bzimport 2025-04-17 18:01:13 UTC 
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Comment 4 errata-xmlrpc 2025-08-06 11:35:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:13203 https://access.redhat.com/errata/RHSA-2025:13203
Comment 5 errata-xmlrpc 2025-08-07 13:20:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:13428 https://access.redhat.com/errata/RHSA-2025:13428
Comment 6 errata-xmlrpc 2025-08-07 13:21:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:13429 https://access.redhat.com/errata/RHSA-2025:13429
Comment 11 errata-xmlrpc 2025-08-12 09:39:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:13677 https://access.redhat.com/errata/RHSA-2025:13677
Comment 12 errata-xmlrpc 2025-08-12 12:22:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:13684 https://access.redhat.com/errata/RHSA-2025:13684
Comment 13 errata-xmlrpc 2025-08-12 12:25:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:13683 https://access.redhat.com/errata/RHSA-2025:13683
Comment 14 errata-xmlrpc 2025-08-12 12:42:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:13689 https://access.redhat.com/errata/RHSA-2025:13689
Comment 15 errata-xmlrpc 2025-08-12 12:53:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:13688 https://access.redhat.com/errata/RHSA-2025:13688
Comment 16 errata-xmlrpc 2025-08-13 10:35:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:13788 https://access.redhat.com/errata/RHSA-2025:13788
Comment 17 errata-xmlrpc 2025-08-13 10:41:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:13789 https://access.redhat.com/errata/RHSA-2025:13789
Comment 18 errata-xmlrpc 2025-08-13 15:57:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:13806 https://access.redhat.com/errata/RHSA-2025:13806
Comment 19 errata-xmlrpc 2025-08-14 13:51:09 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Core Services 2.4.62.SP1

Via RHSA-2025:13681 https://access.redhat.com/errata/RHSA-2025:13681
Comment 20 errata-xmlrpc 2025-08-27 21:45:12 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:14059 https://access.redhat.com/errata/RHSA-2025:14059
Comment 21 errata-xmlrpc 2025-09-02 19:23:53 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.19

Via RHSA-2025:14819 https://access.redhat.com/errata/RHSA-2025:14819
Comment 22 errata-xmlrpc 2025-09-04 17:01:54 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:14818 https://access.redhat.com/errata/RHSA-2025:14818
Comment 23 errata-xmlrpc 2025-09-04 17:04:16 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:14853 https://access.redhat.com/errata/RHSA-2025:14853
Comment 24 errata-xmlrpc 2025-09-04 17:04:32 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:14858 https://access.redhat.com/errata/RHSA-2025:14858
Comment 36 errata-xmlrpc 2025-09-11 12:01:02 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2025:15308 https://access.redhat.com/errata/RHSA-2025:15308
Comment 37 errata-xmlrpc 2025-09-18 05:45:00 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:15672 https://access.redhat.com/errata/RHSA-2025:15672
Comment 38 errata-xmlrpc 2025-09-25 09:07:59 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:16159 https://access.redhat.com/errata/RHSA-2025:16159
Note You need to log in before you can comment on or make changes to this bug.