diff --git a/libxml2-CVE-2025-32414.patch b/libxml2-CVE-2025-32414.patch
new file mode 100644
index 0000000..e1a7ade
--- /dev/null
+++ b/libxml2-CVE-2025-32414.patch
@@ -0,0 +1,60 @@
+Index: libxml2-2.11.6/python/libxml.c
+===================================================================
+--- libxml2-2.11.6.orig/python/libxml.c
++++ libxml2-2.11.6/python/libxml.c
+@@ -266,7 +266,9 @@ xmlPythonFileReadRaw (void * context, ch
+ #endif
+ file = (PyObject *) context;
+ if (file == NULL) return(-1);
+- ret = PyObject_CallMethod(file, (char *) "read", (char *) "(i)", len);
++ /* When read() returns a string, the length is in characters not bytes, so
++ request at most len / 4 characters to leave space for UTF-8 encoding. */
++ ret = PyObject_CallMethod(file, (char *) "read", (char *) "(i)", len / 4);
+ if (ret == NULL) {
+ printf("xmlPythonFileReadRaw: result is NULL\n");
+ return(-1);
+@@ -301,10 +303,12 @@ xmlPythonFileReadRaw (void * context, ch
+ Py_DECREF(ret);
+ return(-1);
+ }
+- if (lenread > len)
+- memcpy(buffer, data, len);
+- else
+- memcpy(buffer, data, lenread);
++ if (lenread < 0 || lenread > len) {
++ printf("xmlPythonFileReadRaw: invalid lenread\n");
++ Py_DECREF(ret);
++ return(-1);
++ }
++ memcpy(buffer, data, lenread);
+ Py_DECREF(ret);
+ return(lenread);
+ }
+@@ -331,7 +335,9 @@ xmlPythonFileRead (void * context, char
+ #endif
+ file = (PyObject *) context;
+ if (file == NULL) return(-1);
+- ret = PyObject_CallMethod(file, (char *) "io_read", (char *) "(i)", len);
++ /* When io_read() returns a string, the length is in characters not bytes, so
++ request at most len / 4 characters to leave space for UTF-8 encoding. */
++ ret = PyObject_CallMethod(file, (char *) "io_read", (char *) "(i)", len / 4);
+ if (ret == NULL) {
+ printf("xmlPythonFileRead: result is NULL\n");
+ return(-1);
+@@ -366,10 +372,12 @@ xmlPythonFileRead (void * context, char
+ Py_DECREF(ret);
+ return(-1);
+ }
+- if (lenread > len)
+- memcpy(buffer, data, len);
+- else
+- memcpy(buffer, data, lenread);
++ if (lenread < 0 || lenread > len) {
++ printf("xmlPythonFileRead: invalid lenread\n");
++ Py_DECREF(ret);
++ return(-1);
++ }
++ memcpy(buffer, data, lenread);
+ Py_DECREF(ret);
+ return(lenread);
+ }
diff --git a/libxml2-CVE-2025-32415.patch b/libxml2-CVE-2025-32415.patch
new file mode 100644
index 0000000..2f31dc8
--- /dev/null
+++ b/libxml2-CVE-2025-32415.patch
@@ -0,0 +1,22 @@
+Index: libxml2-2.11.6/xmlschemas.c
+===================================================================
+--- libxml2-2.11.6.orig/xmlschemas.c
++++ libxml2-2.11.6/xmlschemas.c
+@@ -23632,7 +23632,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaVali
+ j++;
+ } while (j < nbDupls);
+ }
+- if (nbNodeTable) {
++ if (bind->nbNodes) {
+ j = 0;
+ do {
+ if (nbFields == 1) {
+@@ -23683,7 +23683,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaVali
+
+ next_node_table_entry:
+ j++;
+- } while (j < nbNodeTable);
++ } while (j < bind->nbNodes);
+ }
+ /*
+ * If everything is fine, then add the IDC target-node to
diff --git a/libxml2.changes b/libxml2.changes
index 4f3571c..f9a77f6 100644
--- a/libxml2.changes
+++ b/libxml2.changes
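Review bot: In libxml2-CVE-2025-32414.patch, both `PyObject_CallMethod(..., len / 4)` calls (in xmlPythonFileReadRaw and xmlPythonFileRead) request zero characters whenever `len` is below 4, and a zero-length read normally comes back empty, so the callback would return 0, which the parser's input layer reads as end of input rather than as an error. Whether any caller can pass such a small buffer is not visible in these hunks, so the assumption should either be stated in the comment next to the division or enforced with `if (len < 4) return(-1);` before the call. The new `lenread < 0 || lenread > len` check does fail closed for a file object that ignores the size argument, which is the behaviour wanted here. Both function bodies start and end outside the hunks shown.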
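Review bot: In libxml2-CVE-2025-32415.patch, the switch from the cached `nbNodeTable` to `bind->nbNodes` in xmlSchemaIDCFillNodeTables carries no comment saying why the live field has to be re-read, so a later cleanup could reintroduce the stale local. Presumably entries are removed from the node table inside the `do … while` body, which lies outside these hunks; a comment above the loop such as `/* bind->nbNodes can shrink while iterating; never cache it here */` would record that. It is also worth checking whether `nbNodeTable` is still read anywhere else in the function, since any remaining use would see the same stale count.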
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Apr 23 07:05:33 UTC 2025 - pgajdos@suse.com
+
+- security update
+- added patches
+ CVE-2025-32414 [bsc#1241551], out-of-bounds read when parsing text via the Python API
+ + libxml2-CVE-2025-32414.patch
+ CVE-2025-32415 [bsc#1241453], a crafted XML document may lead to a heap-based buffer under-read
+ + libxml2-CVE-2025-32415.patch
+
 -------------------------------------------------------------------
 Fri Feb 21 10:28:05 UTC 2025 - pgajdos@suse.com
diff --git a/libxml2.spec b/libxml2.spec
index 92125e4..a242ff8 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -75,6 +75,10 @@ Patch2002: libxml2-CVE-2025-27113.patch
 Patch2003: libxml2-CVE-2024-56171.patch
 # CVE-2025-24928 [bsc#1237370], stack-based buffer overflow in xmlSnprintfElements in valid.c
 Patch2004: libxml2-CVE-2025-24928.patch
+# CVE-2025-32414 [bsc#1241551], out-of-bounds read when parsing text via the Python API
+Patch2005: libxml2-CVE-2025-32414.patch
+# CVE-2025-32415 [bsc#1241453], a crafted XML document may lead to a heap-based buffer under-read
+Patch2006: libxml2-CVE-2025-32415.patch
 #
 BuildRequires: fdupes
 BuildRequires: pkgconfig