Debian Libsoup3 vulnerabilities

CVE-2025-32914 [HIGH] CVE-2025-32914: libsoup2.4 - A flaw was found in libsoup, where the soup_multipart_new_from_message() functio... A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds. Scope: local bookworm: open bullseye: resolved (fixed in 2.72.0-2+deb11u2) trixie: resolved (fixed in 2.74.3-10.1)

CVE-2025-32906 [HIGH] CVE-2025-32906: libsoup2.4 - A flaw was found in libsoup, where the soup_headers_parse_request() function may... A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. Scope: local bookworm: open bullseye: resolved (fixed in 2.72.0-2+deb11u2) trixie: resolved (fixed in 2.74.3-10.1)

CVE-2025-4948 [HIGH] CVE-2025-4948: libsoup2.4 - A flaw was found in the soup_multipart_new_from_message() function of the libsou... A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This

CVE-2025-32049 [HIGH] CVE-2025-32049: libsoup2.4 - A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebS... A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). Scope: local bookworm: open bullseye: open trixie: open

CVE-2025-32913 [HIGH] CVE-2025-32913: libsoup2.4 - A flaw was found in libsoup, where the soup_message_headers_get_content_disposit... A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function. Scope: local bookworm: open bullseye: resolved (fixed in 2.72.0-2+deb11u2) trixie: resolved (fixed in 2.74.3-10.1)

CVE-2025-14523 [HIGH] CVE-2025-14523: libsoup2.4 - A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a requ... A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepanc

CVE-2025-11021 [HIGH] CVE-2025-11021: libsoup3 - A flaw was found in the cookie date handling logic of the libsoup HTTP library, ... A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive in

CVE-2025-9901 [MEDIUM] CVE-2025-9901: libsoup2.4 - A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary ... A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive

CVE-2025-32053 [MEDIUM] CVE-2025-32053: libsoup2.4 - A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_in... A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. Scope: local bookworm: open bullseye: resolved (fixed in 2.72.0-2+deb11u2) trixie: resolved (fixed in 2.74.3-10)

CVE-2025-32912 [MEDIUM] CVE-2025-32912: libsoup2.4 - A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointe... A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. Scope: local bookworm: open bullseye: resolved (fixed in 2.72.0-2+deb11u2) trixie: resolved (fixed in 2.74.3-10.1)

CVE-2025-46420 [MEDIUM] CVE-2025-46420: libsoup2.4 - A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header... A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. Scope: local bookworm: open bullseye: open trixie: resolved (fixed in 2.74.3-10.1)

CVE-2025-4476 [MEDIUM] CVE-2025-4476: libsoup2.4 - A denial-of-service vulnerability has been identified in the libsoup HTTP client... A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. A

CVE-2025-32052 [MEDIUM] CVE-2025-32052: libsoup2.4 - A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may... A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. Scope: local bookworm: open bullseye: resolved (fixed in 2.72.0-2+deb11u2) trixie: resolved (fixed in 2.74.3-10)

CVE-2025-32909 [MEDIUM] CVE-2025-32909: libsoup2.4 - A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL poin... A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash. Scope: local bookworm: open bullseye: resolved (fixed in 2.72.0-2+deb11u2) trixie: resolved (fixed in 2.74.3-10.1)

CVE-2025-4969 [MEDIUM] CVE-2025-4969: libsoup2.4 - A vulnerability was found in the libsoup package. This flaw stems from its failu... A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read). Scope: local bookworm: open bu

CVE-2025-32050 [MEDIUM] CVE-2025-32050: libsoup2.4 - A flaw was found in libsoup. The libsoup append_param_quoted() function may cont... A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. Scope: local bookworm: open bullseye: resolved (fixed in 2.72.0-2+deb11u2) trixie: resolved (fixed in 2.74.3-10)

CVE-2025-32907 [MEDIUM] CVE-2025-32907: libsoup2.4 - A flaw was found in libsoup. The implementation of HTTP range requests is vulner... A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service. Scope: local bookworm: open bullseye: open t

CVE-2025-46421 [MEDIUM] CVE-2025-46421: libsoup2.4 - A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, th... A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. Scope: local bookworm: open bullseye: open trixie: open

CVE-2025-32910 [MEDIUM] CVE-2025-32910: libsoup2.4 - A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable... A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash. Scope: local bookworm: open bullseye: resolved (fixed in 2.72.0-2+deb11u2) trixie: resolved (fixed in 2.74.3-10.1)

CVE-2025-4035 [MEDIUM] CVE-2025-4035: libsoup2.4 - A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly a... A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity