In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

FA plugin updates for vendor_unpatched: 2025/04/08 13:22 chunk 1/1

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7467-1 advisory.

    It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker     could possibly use this issue to cause libxml2 to crash, resulting in a denial of service.
    (CVE-2025-32414)

    It was discovered that libxml2 incorrectly handled certain memory operations. A remote attacker could     possibly use this issue to cause libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of libxml2 installed on the remote host is affected by multiple vulnerabilities.

  - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python     API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and     xmlPythonFileReadRaw because of a difference between bytes and characters. (CVE-2025-32414)

  - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a     heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML     schema with certain identity constraints, or a crafted XML schema must be used. (CVE-2025-32415)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of libxml2 installed on the remote host is prior to 2.11.9 / 2.13.8. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-108-01 advisory.

    New libxml2 packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the libxml2 security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API     (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and     xmlPythonFileReadRaw because of a difference between bytes and characters. (CVE-2025-32414)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
234907	Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : libxml2 vulnerabilities (USN-7467-1)	Nessus	Ubuntu Local Security Checks	high
234891	libxml2 < 2.13.8 / 2.14.x < 2.14.2 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
234628	Slackware Linux 15.0 / current libxml2 Multiple Vulnerabilities (SSA:2025-108-01)	Nessus	Slackware Local Security Checks	medium
234202	Linux Distros Unpatched Vulnerability : CVE-2025-32414	Nessus	Misc.	medium

Detections

Analytics

CVE-2025-32414

high

Tenable Plugins

Coming Soon

high

high

medium

medium