Search for packages
| purl | pkg:deb/debian/libsoup2.4@2.72.0-2?distro=trixie |
| Next non-vulnerable version | 2.72.0-2+deb11u1 |
| Latest non-vulnerable version | 2.74.3-10 |
| Risk | 3.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-htuv-qv35-gycj
Aliases: CVE-2025-46420 |
libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c |
Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1sfd-nkd4-5fej | libsoup: Segmentation fault when parsing malformed data URI |
CVE-2025-32051
|
| VCID-24tr-cene-gfch | libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value |
CVE-2025-32911
|
| VCID-2fpq-q21y-83a7 | A vulnerability in libsoup might allow remote attackers to execute arbitrary code. |
CVE-2017-2885
|
| VCID-4m39-v7d7-1ba7 | libsoup: Integer overflow in append_param_quoted |
CVE-2025-32050
|
| VCID-6skx-v6sg-53gq | libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content |
CVE-2025-2784
|
| VCID-7hhg-3u9v-nqfw | libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup |
CVE-2025-4945
|
| VCID-9uua-rxjd-fkf6 | libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c |
CVE-2025-4969
|
| VCID-9vuw-57ex-k7ez | security update |
CVE-2018-12910
|
| VCID-athp-xk5g-jbhu | libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c |
CVE-2025-32909
|
| VCID-f481-8mb7-dbed | libsoup: Null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication |
CVE-2025-32910
|
| VCID-fwhq-2jj5-wka3 | libsoup: heap-based over-read in soup_ntlm_parse_challenge() in soup-auth-ntlm.c |
CVE-2019-17266
|
| VCID-k9bu-zasm-vfgr | libsoup: NULL pointer dereference in client when server omits the "nonce" parameter in an Unauthorized response with Digest authentication |
CVE-2025-32912
|
| VCID-ku6w-4wsv-qbe4 | libsoup: Out of bounds reads in soup_headers_parse_request() |
CVE-2025-32906
|
| VCID-mxjn-d8v7-8ubc | libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion |
CVE-2025-12105
|
| VCID-qfjx-uc2n-3yde | This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. |
CVE-2011-2524
|
| VCID-rd74-1427-eybf | libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup |
CVE-2025-4948
|
| VCID-sabm-gujq-j3fb | libsoup: Null pointer dereference in libsoup may lead to Denial Of Service |
CVE-2025-4476
|
| VCID-svba-hf1d-y7ez | libsoup: HTTP request smuggling via stripping null bytes from the ends of header names |
CVE-2024-52530
|
| VCID-uk2y-997k-4qat | libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict |
CVE-2024-52531
|
| VCID-v11f-c1ed-j7d1 | libsoup: Denial of service on libsoup through HTTP/2 server |
CVE-2025-32908
|
| VCID-v9pv-qh9a-97g9 | libsoup: infinite loop while reading websocket data |
CVE-2024-52532
|
| VCID-yx68-81fu-ffar | libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process |
CVE-2025-32914
|
| VCID-zhp7-2ks9-m7es | libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header |
CVE-2025-32913
|
| VCID-zrmu-bwfg-e3hp | libsoup: Heap buffer overflow in sniff_unknown() |
CVE-2025-32052
|
| VCID-zsdd-pzyb-nbdf | libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() |
CVE-2025-32053
|