Updated: 2025-04-25 04:38:14.711856
Description:
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libxml2 | 2.9.13 | 7.5 | HIGH | Needs Triage | 2025-04-25 05:41:50 | ||
| CentOS 6 ELS | libxml2 | 2.7.6 | 7.5 | HIGH | In Rollout | CLSA-2025:1747057793 | 2025-05-13 04:18:05 | |
| CentOS 7 ELS | libxml2 | 2.9.1 | 7.5 | HIGH | In Rollout | CLSA-2025:1747058033 | 2025-05-13 04:18:03 | |
| CentOS 8.4 ELS | libxml2 | 2.9.7-9 | 7.5 | HIGH | Released | CLSA-2025:1746791922 | 2025-05-10 04:57:41 | |
| CentOS 8.5 ELS | libxml2 | 2.9.7-9 | 7.5 | HIGH | Released | CLSA-2025:1746792339 | 2025-05-10 04:57:42 | |
| CentOS Stream 8 ELS | libxml2 | 2.9.7 | 7.5 | HIGH | Released | CLSA-2025:1746654421 | 2025-05-10 04:57:43 | |
| CloudLinux 6 ELS | libxml2 | 2.7.6 | 7.5 | HIGH | In Rollout | CLSA-2025:1747058647 | 2025-05-13 04:18:00 | |
| CloudLinux 7 ELS | libxml2 | 2.9.1 | 7.5 | HIGH | In Rollout | CLSA-2025:1747058839 | 2025-05-13 04:18:04 | |
| Oracle Linux 6 ELS | libxml2 | 2.7.6 | 7.5 | HIGH | Released | CLSA-2025:1747058711 | 2025-05-14 04:51:09 | |
| Oracle Linux 7 ELS | libxml2 | 2.9.1 | 7.5 | HIGH | Released | CLSA-2025:1747058736 | 2025-05-13 04:18:02 |