Search CVE reports
1 – 10 of 15 results
CVE-2025-32053
Medium prioritySome fixes available 7 of 9
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
2 affected packages
libsoup2.4, libsoup3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2025-32052
Medium prioritySome fixes available 7 of 9
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
2 affected packages
libsoup2.4, libsoup3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2025-32051
Medium priorityA flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).
2 affected packages
libsoup2.4, libsoup3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2025-32050
Medium prioritySome fixes available 7 of 9
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
2 affected packages
libsoup2.4, libsoup3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2025-32049
Medium priorityA flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
2 affected packages
libsoup2.4, libsoup3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsoup3 | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2025-2784
Medium prioritySome fixes available 7 of 9
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP...
2 affected packages
libsoup2.4, libsoup3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2024-52532
Medium prioritySome fixes available 8 of 9
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
2 affected packages
libsoup2.4, libsoup3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2024-52531
Medium prioritySome fixes available 8 of 9
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type...
2 affected packages
libsoup2.4, libsoup3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2024-52530
Medium prioritySome fixes available 7 of 8
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a...
2 affected packages
libsoup2.4, libsoup3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| libsoup3 | Fixed | Fixed | Not in release | — | — |
CVE-2019-17266
Medium prioritylibsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
1 affected package
libsoup2.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libsoup2.4 | — | — | — | Fixed | Not affected |