CVE-2025-32911
published 2025-04-15CVE-2025-32911: A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP…
critical9CVSS 3.1
AVNACHPRNUINSCCHIHAH
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsoup2.4 | < libsoup2.4 2.72.0-2+deb11u2 (bullseye) | libsoup2.4 2.72.0-2+deb11u2 (bullseye) |
| debian | libsoup3 | < libsoup2.4 2.72.0-2+deb11u2 (bullseye) | libsoup2.4 2.72.0-2+deb11u2 (bullseye) |
| msrc | azl3_libsoup_3.4.4-6_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libsoup_3.0.4-6_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.19.0CRITICALCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
osv9.0CRITICAL