logo_clicknbuy.png

CVE-2025-32415 – Libxml2 Heap-Based Buffer Underflow Vulnerability

The following table lists the changes that have been made to the
CVE-2025-32415 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • CVE Modified
    by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Apr. 17, 2025

    Action Type Old Value New Value
    Added Reference https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
  • CVE Modified
    by [email protected]

    Apr. 17, 2025

    Action Type Old Value New Value
    Changed Description In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer underflow. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
    Added CVSS V3.1 AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
    Removed CVSS V3.1 AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
  • New CVE Received
    by [email protected]

    Apr. 17, 2025

    Action Type Old Value New Value
    Added Description In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer underflow. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
    Added CVSS V3.1 AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
    Added CWE CWE-1284
    Added Reference https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
Share the Post:

Related Posts