Search for packages
| purl | pkg:deb/debian/libsoup2.4@2.74.3-1%2Bdeb12u1?distro=trixie |
| Next non-vulnerable version | 2.74.3-8.1 |
| Latest non-vulnerable version | 2.74.3-10 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-24tr-cene-gfch
Aliases: CVE-2025-32911 |
libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value |
Affected by 4 other vulnerabilities. |
|
VCID-4m39-v7d7-1ba7
Aliases: CVE-2025-32050 |
libsoup: Integer overflow in append_param_quoted |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-6skx-v6sg-53gq
Aliases: CVE-2025-2784 |
libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-7hhg-3u9v-nqfw
Aliases: CVE-2025-4945 |
libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup | There are no reported fixed by versions. |
|
VCID-9uua-rxjd-fkf6
Aliases: CVE-2025-4969 |
libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c | There are no reported fixed by versions. |
|
VCID-athp-xk5g-jbhu
Aliases: CVE-2025-32909 |
libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c |
Affected by 4 other vulnerabilities. |
|
VCID-f481-8mb7-dbed
Aliases: CVE-2025-32910 |
libsoup: Null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication |
Affected by 4 other vulnerabilities. |
|
VCID-htuv-qv35-gycj
Aliases: CVE-2025-46420 |
libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c |
Affected by 4 other vulnerabilities. |
|
VCID-k9bu-zasm-vfgr
Aliases: CVE-2025-32912 |
libsoup: NULL pointer dereference in client when server omits the "nonce" parameter in an Unauthorized response with Digest authentication |
Affected by 4 other vulnerabilities. |
|
VCID-ku6w-4wsv-qbe4
Aliases: CVE-2025-32906 |
libsoup: Out of bounds reads in soup_headers_parse_request() |
Affected by 4 other vulnerabilities. |
|
VCID-rd74-1427-eybf
Aliases: CVE-2025-4948 |
libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup | There are no reported fixed by versions. |
|
VCID-sabm-gujq-j3fb
Aliases: CVE-2025-4476 |
libsoup: Null pointer dereference in libsoup may lead to Denial Of Service | There are no reported fixed by versions. |
|
VCID-yx68-81fu-ffar
Aliases: CVE-2025-32914 |
libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process |
Affected by 4 other vulnerabilities. |
|
VCID-zhp7-2ks9-m7es
Aliases: CVE-2025-32913 |
libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header |
Affected by 4 other vulnerabilities. |
|
VCID-zrmu-bwfg-e3hp
Aliases: CVE-2025-32052 |
libsoup: Heap buffer overflow in sniff_unknown() |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-zsdd-pzyb-nbdf
Aliases: CVE-2025-32053 |
libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1sfd-nkd4-5fej | libsoup: Segmentation fault when parsing malformed data URI |
CVE-2025-32051
|
| VCID-2fpq-q21y-83a7 | A vulnerability in libsoup might allow remote attackers to execute arbitrary code. |
CVE-2017-2885
|
| VCID-9vuw-57ex-k7ez | security update |
CVE-2018-12910
|
| VCID-fwhq-2jj5-wka3 | libsoup: heap-based over-read in soup_ntlm_parse_challenge() in soup-auth-ntlm.c |
CVE-2019-17266
|
| VCID-mxjn-d8v7-8ubc | libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion |
CVE-2025-12105
|
| VCID-qfjx-uc2n-3yde | This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. |
CVE-2011-2524
|
| VCID-svba-hf1d-y7ez | libsoup: HTTP request smuggling via stripping null bytes from the ends of header names |
CVE-2024-52530
|
| VCID-uk2y-997k-4qat | libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict |
CVE-2024-52531
|
| VCID-v11f-c1ed-j7d1 | libsoup: Denial of service on libsoup through HTTP/2 server |
CVE-2025-32908
|
| VCID-v9pv-qh9a-97g9 | libsoup: infinite loop while reading websocket data |
CVE-2024-52532
|