CVE-2025-32414

Severity: 7.5 HIGH
EPSS: 0.2% (top 60.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 8
Latest update: Nov 27

Description

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Exploitability: 1.4 | Impact: 3.7

Affected Packages (5 packages)

CVEListV5: xmlsoft/libxml2, 2.14.0, 2.14.2 (+1)
NVD: xmlsoft/libxml2, 2.14.0, 2.14.2 (+1)
Debian: libxml2, < 2.9.10+dfsg-6.7+deb11u7 (+3)
Ubuntu: libxml2, < 2.9.10+dfsg-5ubuntu0.20.04.10 (+5)
RubyGems: nokogiri, < 1.18.8

Patches

🔴 Vulnerability Details (8)

OSV (2025-11-27): libxml2 vulnerabilities
OSV (2025-04-28): libxml2 vulnerabilities
OSV (2025-04-28): libxml2 vulnerabilities
GHSA (2025-04-21): Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
OSV (2025-04-21): Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415

📋 Vendor Advisories (6)

Ubuntu (2025-11-27): libxml2 vulnerabilities
Ubuntu (2025-04-28): libxml2 vulnerabilities
Ubuntu (2025-04-28): libxml2 vulnerabilities
Microsoft (2025-04-08): In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and
Red Hat (2025-04-08): libxml2: Out-of-Bounds Read in libxml2