libxml2 Heap-Based Buffer Under-Read Vulnerability in XML Schema Validation
Vulnerability
A heap-based buffer under-read has been identified in libxml2 versions prior to 2.13.8 and in the 2.14.x branch prior to 2.14.2. The issue is in the 'xmlSchemaIDCFillNodeTables' function in 'xmlschemas.c', the code that builds the node tables for XML Schema identity constraints (key, keyref and unique). Triggering it requires either that a crafted XML document be validated against a schema that contains such identity constraints, or that a specially crafted schema itself be used for validation. Applications that only parse XML, without schema validation, do not reach the affected code.
Impact
Exploitation of this vulnerability causes a read before the start of a heap buffer, which may result in information disclosure of adjacent heap contents or in a crash of the validating process. The fixed releases are 2.13.8 and 2.14.2; until an affected build is upgraded, avoid validating untrusted documents against schemas that use identity constraints, and treat untrusted schemas as equally capable of triggering the issue.
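As an added example (not part of this advisory and not libxml2's own code), the following standalone C program checks a libxml2 version string against the affected ranges stated above. It accepts either the dotted form ("2.13.7") or libxml2's numeric LIBXML_VERSION encoding (major*10000 + minor*100 + micro, which is also the form the runtime string xmlParserVersion carries, sometimes followed by a suffix). The function names, the sample version strings, and the assumption that branches after 2.14 carry the fix are the example's own; the page states only the two ranges.

```c
/* Added example: classify a libxml2 version against the advisory's affected
 * ranges (every version before 2.13.8, plus 2.14.0 and 2.14.1).
 * Standalone: does not link against libxml2. */
#include <stdio.h>
#include <stdlib.h>

/* Encode major.minor.micro the way libxml2's LIBXML_VERSION macro does
 * (e.g. 2.13.8 -> 21308). */
static int encode_version(int major, int minor, int micro)
{
    return major * 10000 + minor * 100 + micro;
}

/* Parse "2.13.7" or "21307" (optionally followed by a suffix such as
 * "-GITv2.13.7", as seen in xmlParserVersion) into LIBXML_VERSION form.
 * Returns -1 for malformed or incomplete input. */
int parse_libxml_version(const char *s)
{
    int major, minor, micro;
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return -1;

    /* Dotted form: all three components are required. */
    if (sscanf(s, "%d.%d.%d", &major, &minor, &micro) == 3) {
        if (major < 0 || minor < 0 || minor > 99 || micro < 0 || micro > 99)
            return -1;
        return encode_version(major, minor, micro);
    }

    /* Numeric form: exactly five digits, MMmmuu, then end or a suffix. */
    v = strtol(s, &end, 10);
    if (end == s || v < 10000 || v > 99999)
        return -1;
    if (*end != '\0' && *end != '-')
        return -1;
    return (int)v;
}

/* Returns 1 if the version is in an affected range, 0 if it carries the fix,
 * -1 if the string could not be parsed.
 * Assumption (not on the page): releases after the 2.14 branch (2.15+)
 * are treated as fixed. */
int libxml2_schema_underread_affected(const char *version_string)
{
    int v = parse_libxml_version(version_string);
    if (v < 0)
        return -1;
    if (v < encode_version(2, 13, 8))
        return 1;                       /* 2.13.7 and everything older */
    if (v >= encode_version(2, 14, 0) && v < encode_version(2, 14, 2))
        return 1;                       /* 2.14.0 and 2.14.1 */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real system. */
    const char *samples[] = {
        "2.9.14", "2.12.10", "2.13.7", "2.13.8",
        "2.14.0", "2.14.1", "2.14.2", "2.15.0",
        "21307-GITv2.13.7", "2.13", "garbage"
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int r = libxml2_schema_underread_affected(samples[i]);
        printf("%-20s %s\n", samples[i],
               r == 1 ? "AFFECTED" : r == 0 ? "fixed" : "unparseable");
    }
    return 0;
}
```

In a deployed application, check both the compile-time value (LIBXML_DOTTED_VERSION from libxml/xmlversion.h) and the runtime string (xmlParserVersion), because a dynamically linked libxml2 can be older than the headers the program was built against; the classification only matters for code paths that call the xmlSchema validation API on untrusted input.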
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
