HCE1-SA-2025-0029 Critical HCE 1.1 Security Fix(es): A flaw was found in libxml2_x27;s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. (CVE-2025-6021) A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program_x27;s crash using libxml or other possible undefined behaviors. (CVE-2025-49794) A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption. (CVE-2025-7425) A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. (CVE-2025-49796) In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. (CVE-2025-32414) HCE 1.1 libxml2-2.9.1-6.hce1c.11.x86_64.rpm libxml2-devel-2.9.1-6.hce1c.11.x86_64.rpm libxml2-python-2.9.1-6.hce1c.11.x86_64.rpm