VDB

GCVE-VVD-MAGEIA-2025-261

GCVE-VVD-MAGEIA-2025-261
Advisory Published
Vulnetix · Advisory published November 5, 2025
Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content. (CVE-2025-2784) Libsoup: denial of service attack to websocket server. (CVE-2025-32049) Libsoup: integer overflow in append_param_quoted. (CVE-2025-32050) Libsoup: segmentation fault when parsing malformed data uri. (CVE-2025-32051) Libsoup: heap buffer overflow in sniff_unknown(). (CVE-2025-32052) Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space(). (CVE-2025-32053) Libsoup: out of bounds reads in soup_headers_parse_request(). (CVE-2025-32906) Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header. (CVE-2025-32907) Libsoup: denial of service on libsoup through http/2 server. (CVE-2025-32908) Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c. (CVE-2025-32909) Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an unauthorized response with digest authentication. (CVE-2025-32910) Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value. (CVE-2025-32911) Libsoup: null pointer dereference in client when server omits the "nonce" parameter in an unauthorized response with digest authentication. (CVE-2025-32912) Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header. (CVE-2025-32913) Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process. (CVE-2025-32914) Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c. (CVE-2025-46420) Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server. (CVE-2025-46421) Libsoup: null pointer dereference in libsoup may lead to denial of service. (CVE-2025-4476) Libsoup: integer overflow in cookie expiration date handling in libsoup. (CVE-2025-4945)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageialibsoup30 (affected), 3.4.2-1.2.mga9 (unaffected)
Mageialibsoup0 (affected), 2.74.3-1.2.mga9 (unaffected)

References

Updated libsoup3 & libsoup packages fix security vulnerabilities
advisory
Updated libsoup3 & libsoup packages fix security vulnerabilities
advisory
Updated libsoup3 & libsoup packages fix security vulnerabilities
advisory
Updated libsoup3 & libsoup packages fix security vulnerabilities
issue
Updated libsoup3 & libsoup packages fix security vulnerabilities
issue
Updated libsoup3 & libsoup packages fix security vulnerabilities
issue
Updated libsoup3 & libsoup packages fix security vulnerabilities
issue
Updated libsoup3 & libsoup packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›