CVE-2025-32415
Closed this issue · 3 comments
Srikantan0 commented
Bug Overview
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | DESCRIPTION |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32415 | high | 7.50 | libxml2 | 2.13.4-r5 | fixed in 2.14.2, 2.13.8 (4 days ago) | 10 days | < 1 hour | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a c... |
| CVE-2025-32414 | high | 7.50 | libxml2 | 2.13.4-r5 | fixed in 2.14.2, 2.13.8 (4 days ago) | 19 days | < 1 hour | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect r... |
Can you please publish the latest versions of the docker images without these CVEs?
This is happening even in the latest docker image nginxinc/nginx-unprivileged:1.27.4-alpine as well.
Expected Behavior
No reported CVEs
Steps to Reproduce the Bug
Scan the docker image nginxinc/nginx-unprivileged:1.27.4-alpine using the Twistlock scanner.
Environment Details
- Docker image
nginxinc/nginx-unprivileged:1.27.4-alpine
Additional Context
No response
alessfg commented
I would suggest checking out the newest builds for 1.27.5 and 1.28.0 since they were built just yesterday.
Srikantan0 commented
Hey @alessfg, I just tried the relevant builds; the Twistlock scan still detects the CVEs.
alessfg commented
In that case the fix hasn't made it to the actual distros yet.
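Added example, not code from the issue or from the nginx-unprivileged project: a small POSIX shell check that reads an `apk list --installed` listing from an Alpine image and compares the installed libxml2 version against the fixed releases named in the scanner table above (2.13.8 for the 2.13 branch, 2.14.2 for 2.14). It illustrates both the "Steps to Reproduce" (what the scanner is comparing) and the final comment (whether the fixed package has actually landed in the image). The listing below is a constructed sample, and the `docker run` invocation in the comment is the assumed way to obtain the real listing from the image.

```shell
# Added example; not from the issue or the nginx-unprivileged project.
# Assumes Alpine-style package versions like "2.13.4-r5": upstream version
# followed by an Alpine package revision, as in the scanner table.

# Return 0 when the upstream libxml2 version is at or beyond the fixed
# releases the table names (2.13.8 on the 2.13 branch, 2.14.2 on 2.14),
# 1 otherwise. Only the upstream part before "-r" is compared.
libxml2_is_fixed() {
    upstream="${1%%-r*}"
    major="${upstream%%.*}"
    rest="${upstream#*.}"
    case "$rest" in
        *.*) minor="${rest%%.*}"; patch="${rest#*.}" ;;
        *)   minor="$rest";       patch=0 ;;
    esac
    patch="${patch%%[!0-9]*}"          # drop any non-numeric suffix
    : "${patch:=0}"
    case "$major" in
        2)      ;;                     # compare branch/patch below
        [3-9]*) return 0 ;;            # hypothetical later major versions
        *)      return 1 ;;
    esac
    if [ "$minor" -gt 14 ]; then return 0; fi
    if [ "$minor" -eq 14 ] && [ "$patch" -ge 2 ]; then return 0; fi
    if [ "$minor" -eq 13 ] && [ "$patch" -ge 8 ]; then return 0; fi
    return 1
}

# Extract the installed libxml2 version from `apk list --installed` output
# on stdin. The anchored pattern skips libxml2-dev, libxml2-utils, etc.
installed_libxml2_version() {
    sed -n 's/^libxml2-\([0-9][^ ]*\) .*/\1/p' | head -n 1
}

# Constructed sample of `apk list --installed` output, matching the
# 2.13.4-r5 version the scanner reported (other lines are made up).
SAMPLE_APK_LIST='busybox-1.37.0-r12 x86_64 {busybox} (GPL-2.0-only) [installed]
libxml2-2.13.4-r5 x86_64 {libxml2} (MIT) [installed]
libxslt-1.1.42-r2 x86_64 {libxslt} (custom) [installed]'

# Report whether the libxml2 in a listing is at a fixed upstream version.
# Exit status: 0 fixed, 1 still below the fix, 2 libxml2 not present.
report_from_listing() {
    ver=$(printf '%s\n' "$1" | installed_libxml2_version)
    [ -n "$ver" ] || { echo "libxml2 not installed"; return 2; }
    if libxml2_is_fixed "$ver"; then
        echo "libxml2 $ver: at or past the fixed upstream version"
        return 0
    fi
    echo "libxml2 $ver: below 2.13.8 / 2.14.2, scanner will keep flagging it"
    return 1
}

# Against a real image (needs docker; not executed here):
#   docker run --rm nginxinc/nginx-unprivileged:1.27.4-alpine \
#       apk list --installed | installed_libxml2_version

report_from_listing "$SAMPLE_APK_LIST" || true
```

One caveat when reading the result: Alpine can also ship a backported fix as a new `-rN` package revision without bumping the upstream version, and scanners such as Twistlock decide from the distro's advisory data rather than from the upstream number alone. A version-only comparison like this one is therefore conservative, and the scanner will keep reporting the CVEs until the image is rebuilt with a package the distro marks as fixed, which is the situation described in the last comment.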