{"id":"MGASA-2025-0261","summary":"Updated libsoup3 & libsoup packages fix security vulnerabilities","details":"Libsoup: heap buffer over-read in `skip_insignificant_space` when\nsniffing content. (CVE-2025-2784)\nLibsoup: denial of service attack to websocket server. (CVE-2025-32049)\nLibsoup: integer overflow in append_param_quoted. (CVE-2025-32050)\nLibsoup: segmentation fault when parsing malformed data uri.\n(CVE-2025-32051)\nLibsoup: heap buffer overflow in sniff_unknown(). (CVE-2025-32052)\nLibsoup: heap buffer overflows in sniff_feed_or_html() and\nskip_insignificant_space(). (CVE-2025-32053)\nLibsoup: out of bounds reads in soup_headers_parse_request().\n(CVE-2025-32906)\nLibsoup: denial of service in server when client requests a large amount\nof overlapping ranges with range header. (CVE-2025-32907)\nLibsoup: denial of service on libsoup through http/2 server.\n(CVE-2025-32908)\nLibsoup: null pointer dereference on libsoup through function\n\"sniff_mp4\" in soup-content-sniffer.c. (CVE-2025-32909)\nLibsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c\nthrough \"soup_auth_digest_authenticate\" on client when server omits the\n\"realm\" parameter in an unauthorized response with digest\nauthentication. (CVE-2025-32910)\nLibsoup: double free on soup_message_headers_get_content_disposition()\nthrough \"soup-message-headers.c\" via \"params\" ghashtable value.\n(CVE-2025-32911)\nLibsoup: null pointer dereference in client when server omits the\n\"nonce\" parameter in an unauthorized response with digest\nauthentication. (CVE-2025-32912)\nLibsoup: null pointer dereference in\nsoup_message_headers_get_content_disposition when \"filename\" parameter\nis present, but has no value in content-disposition header.\n(CVE-2025-32913)\nLibsoup: oob read on libsoup through function\n\"soup_multipart_new_from_message\" in soup-multipart.c leads to crash or\nexit of process. (CVE-2025-32914)\nLibsoup: memory leak on soup_header_parse_quality_list() via\nsoup-headers.c. (CVE-2025-46420)\nLibsoup: information disclosure may leads libsoup client sends\nauthorization header to a different host when being redirected by a\nserver. (CVE-2025-46421)\nLibsoup: null pointer dereference in libsoup may lead to denial of\nservice. (CVE-2025-4476)\nLibsoup: integer overflow in cookie expiration date handling in libsoup.\n(CVE-2025-4945)\n","modified":"2026-03-25T17:59:17.319925Z","published":"2025-11-05T22:49:51Z","related":["CVE-2025-2784","CVE-2025-32049","CVE-2025-32050","CVE-2025-32051","CVE-2025-32052","CVE-2025-32053","CVE-2025-32906","CVE-2025-32907","CVE-2025-32908","CVE-2025-32909","CVE-2025-32910","CVE-2025-32911","CVE-2025-32912","CVE-2025-32913","CVE-2025-32914","CVE-2025-4476","CVE-2025-46421","CVE-2025-4945"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0261.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34187"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-7432-1"},{"type":"REPORT","url":"https://openwall.com/lists/oss-security/2025/04/18/4"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/53THXHSDPP4TLMFRSP5DPLY4DK72M7XY/"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-7543-1"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NK7USYFSJPRTIVISSEDBLS53JCM5ETOI/"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EPLHUVQI4JICGWTVGG7KI7D4BMHB34YD/"}],"affected":[{"package":{"name":"libsoup3","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libsoup3?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.2-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0261.json"}},{"package":{"name":"libsoup","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libsoup?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.74.3-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0261.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}