{"id":"USN-7565-1","summary":"libsoup2.4 vulnerabilities","details":"It was discovered that libsoup did not correctly handle memory while\nperforming UTF-8 conversions. An attacker could possibly use this issue\nto cause a denial of service or execute arbitrary code. This issue only\naffected Ubuntu 16.04 LTS. (CVE-2024-52531)\n\nIt was discovered that libsoup could enter an infinite loop when reading\ncertain websocket data. An attacker could possibly use this issue to\ncause a denial of service. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2024-52532)\n\nIt was discovered that libsoup could be made to read out of bounds. An\nattacker could possibly use this issue to cause applications using\nlibsoup to crash, resulting in a denial of service. (CVE-2025-2784,\nCVE-2025-32050, CVE-2025-32052, CVE-2025-32053)","modified":"2026-02-10T04:48:59Z","published":"2025-06-11T01:42:05Z","related":["UBUNTU-CVE-2024-52531","UBUNTU-CVE-2024-52532","UBUNTU-CVE-2025-2784","UBUNTU-CVE-2025-32050","UBUNTU-CVE-2025-32052","UBUNTU-CVE-2025-32053"],"upstream":["CVE-2024-52531","CVE-2024-52532","CVE-2025-2784","CVE-2025-32050","CVE-2025-32052","CVE-2025-32053","UBUNTU-CVE-2024-52531","UBUNTU-CVE-2024-52532","UBUNTU-CVE-2025-2784","UBUNTU-CVE-2025-32050","UBUNTU-CVE-2025-32052","UBUNTU-CVE-2025-32053"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7565-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-52531"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-52532"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-2784"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-32050"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-32052"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-32053"}],"affected":[{"package":{"name":"libsoup2.4","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/libsoup2.4@2.52.2-1ubuntu0.3+esm4?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.52.2-1ubuntu0.3+esm4"}]}],"versions":["2.50.0-2debian1","2.52.1-1","2.52.2-1","2.52.2-1ubuntu0.1","2.52.2-1ubuntu0.2","2.52.2-1ubuntu0.3","2.52.2-1ubuntu0.3+esm1","2.52.2-1ubuntu0.3+esm2","2.52.2-1ubuntu0.3+esm3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"gir1.2-soup-2.4","binary_version":"2.52.2-1ubuntu0.3+esm4"},{"binary_name":"libsoup-gnome2.4-1","binary_version":"2.52.2-1ubuntu0.3+esm4"},{"binary_name":"libsoup-gnome2.4-dev","binary_version":"2.52.2-1ubuntu0.3+esm4"},{"binary_name":"libsoup2.4-1","binary_version":"2.52.2-1ubuntu0.3+esm4"},{"binary_name":"libsoup2.4-dev","binary_version":"2.52.2-1ubuntu0.3+esm4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7565-1.json","cves_map":{"cves":[{"id":"CVE-2024-52531","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-52532","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-2784","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-32050","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-32052","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-32053","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"libsoup2.4","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/libsoup2.4@2.62.1-1ubuntu0.4+esm5?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.62.1-1ubuntu0.4+esm5"}]}],"versions":["2.60.1-1","2.60.2-1","2.60.2-2","2.60.3-1","2.61.90-1","2.62.0-1","2.62.1-1","2.62.1-1ubuntu0.1","2.62.1-1ubuntu0.3","2.62.1-1ubuntu0.4","2.62.1-1ubuntu0.4+esm1","2.62.1-1ubuntu0.4+esm2","2.62.1-1ubuntu0.4+esm3","2.62.1-1ubuntu0.4+esm4"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"gir1.2-soup-2.4","binary_version":"2.62.1-1ubuntu0.4+esm5"},{"binary_name":"libsoup-gnome2.4-1","binary_version":"2.62.1-1ubuntu0.4+esm5"},{"binary_name":"libsoup-gnome2.4-dev","binary_version":"2.62.1-1ubuntu0.4+esm5"},{"binary_name":"libsoup2.4-1","binary_version":"2.62.1-1ubuntu0.4+esm5"},{"binary_name":"libsoup2.4-dev","binary_version":"2.62.1-1ubuntu0.4+esm5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7565-1.json","cves_map":{"cves":[{"id":"CVE-2025-2784","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-32050","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-32052","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-32053","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}}],"schema_version":"1.7.3"}