CVE-2025-32414 | THREATINT

Description

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

PUBLISHED Reserved 2025-04-08 | Published 2025-04-08 | Updated 2025-11-03 | Assigner mitre

MEDIUM: 5.6CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Problem types

CWE-393 Return of Wrong Status Code

Product status

Default status

unaffected

Any version before 2.13.8

affected

2.14.0 (semver) before 2.14.2

affected

References

gitlab.gnome.org/GNOME/libxml2/-/issues/889 exploit

lists.debian.org/debian-lts-announce/2025/04/msg00041.html

gitlab.gnome.org/GNOME/libxml2/-/issues/889

cve.org (CVE-2025-32414)

nvd.nist.gov (CVE-2025-32414)

Download JSON