NewStart CGSL MAIN 7.02 : libxml2 Multiple Vulnerabilities (NS-SA-2025-0106)

The remote NewStart CGSL host, running version MAIN 7.02, has libxml2 packages installed that are affected by multiple vulnerabilities: - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value...

CVE-2025-32415

CVE-2025-32415 affects libxml2: vulnerable in versions prior to 2.13.8 and 2.14.x prior to 2.14.2. The root cause is a heap-based buffer under-read in xmlSchemaIDCFillNodeTables (xmlschemas.c) that can be triggered by validating a crafted XML against a specific identity-constrained XML schema or ...

CBL Mariner 2.0 Security Update: libxml2 (CVE-2024-56171)

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56171 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and...

CVE-2024-56171

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

CVE-2024-56171

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...