2360768 – (CVE-2025-32415) CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

Bug 2360768 (CVE-2025-32415) - CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

Summary: CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

Keywords:
Status:	NEW
Alias:	CVE-2025-32415
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2360875 2360876 2360877 2360878 2360879 2360880 2360881 2360882 2360883 2360884 2360885 2360886 2360887 2360888 2360889 2360890
Blocks:
TreeView+	depends on / blocked

Reported:	2025-04-17 18:01 UTC by OSIDB Bzimport
Modified:	2025-04-18 04:05 UTC (History)
CC List:	20 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-04-17 18:01:13 UTC

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Note You need to log in before you can comment on or make changes to this bug.

adudiak
caswilli
crizzo
csutherl
dfreiber
drow
jburrell
jclere
jmitchel
jtanner
kaycoth
kshier
mturk
omaciel
pjindal
plodge
stcannon
szappis
vkumar
yguenane