In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
                
References
| Link | Resource |
|---|---|
| https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 | Exploit Issue Tracking | 
History
23 Apr 2025, 18:17
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time | Xmlsoft libxml2 Xmlsoft | |
| CPE | cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* | |
| Summary | | |
| CWE | CWE-125 | |
| References | () https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 - Exploit, Issue Tracking | 
17 Apr 2025, 19:16
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 - | 
17 Apr 2025, 18:15
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | (en) In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. | |
| CVSS | v2 : v3 : | v2 : unknown v3 : 2.9 | 
17 Apr 2025, 17:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
Published : 2025-04-17 17:15
Updated : 2025-04-23 18:17
NVD link : CVE-2025-32415
Mitre link : CVE-2025-32415
CVE.ORG link : CVE-2025-32415
Products Affected
xmlsoft
- libxml2
