MEDIUM🇬🇧 English

CVE-2025-32414

CVSS 5.6v3.1pub. 2025-04-08upd. 2025-11-03

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
  • Xmlsoft Libxml2

    APP
    Xmlsoft
    < 2.13.82.14.0 – 2.14.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2024-40896CRITICAL9.1PL ✓ten sam produkt

XXE w bibliotece libxml2 — obejście niestandardowych handlerów SAX

CVE-2017-7375CRITICAL9.8ten sam produkt

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not ...

CVE-2017-7376CRITICAL9.8ten sam produkt

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit ...

CVE-2017-16931CRITICAL9.8ten sam produkt

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlP...

CVE-2017-8872CRITICAL9.1ten sam produkt

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of servi...