CVE-2024-52531 — Out-of-bounds Write in Libsoup

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow CWE-120 — Classic Buffer Overflow13 documents8 sources

Severity

6.5MEDIUMNVD

OSV7.5

EPSS

0.1%

top 64.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Libsoup

Timeline

PublishedNov 11

Latest updateJun 11

Description

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.7

Affected Packages2 packages

▶CVEListV5gnome/libsoup< 3.6.1

▶NVDgnome/libsoup< 3.6.1

🔴Vulnerability Details

OSV

libsoup2.4 vulnerabilities↗2025-06-11

▶

OSV

libsoup3 vulnerabilities↗2024-11-27

▶

OSV

libsoup2.4 vulnerabilities↗2024-11-27

▶

CVEList

CVE-2024-52531: GNOME libsoup before 3↗2024-11-11

▶

GHSA

GHSA-5mc3-gwcr-mgc3: GNOME libsoup before 3↗2024-11-11

▶

📋Vendor Advisories

Ubuntu

libsoup vulnerabilities↗2025-06-11

▶

Ubuntu

libsoup vulnerabilities↗2024-11-27

▶

Ubuntu

libsoup3 vulnerabilities↗2024-11-27

▶

Microsoft

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict.↗2024-11-12

▶

Red Hat

libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict↗2024-11-11

▶