| Package | libxml2 |
|---|---|
| Version | 2.9.1+dfsg1-5+deb8u19 (jessie), 2.9.4+dfsg1-2.2+deb9u13 (stretch), 2.9.4+dfsg1-7+deb10u11 (buster) |
| Related CVEs | CVE-2025-32414 CVE-2025-32415 |
Two issues have been found in libxml2, the GNOME XML library. They are related to an out-of-bounds memory access in the Python API and a heap-buffer-overflow in xmlSchemaIDCFillNodeTables().
For Debian 10 buster, these problems have been fixed in version 2.9.4+dfsg1-7+deb10u11.
For Debian 8 jessie, these problems have been fixed in version 2.9.1+dfsg1-5+deb8u19.
For Debian 9 stretch, these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u13.
We recommend that you upgrade your libxml2 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.