Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libsoup2.4@2.74.3-10.1?distro=trixie
purl pkg:deb/debian/libsoup2.4@2.74.3-10.1?distro=trixie
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.4
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-7hhg-3u9v-nqfw
Aliases:
CVE-2025-4945
libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup There are no reported fixed by versions.
VCID-9uua-rxjd-fkf6
Aliases:
CVE-2025-4969
libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c There are no reported fixed by versions.
VCID-rd74-1427-eybf
Aliases:
CVE-2025-4948
libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup There are no reported fixed by versions.
VCID-sabm-gujq-j3fb
Aliases:
CVE-2025-4476
libsoup: Null pointer dereference in libsoup may lead to Denial Of Service There are no reported fixed by versions.
Vulnerabilities fixed by this package (22)
Vulnerability Summary Aliases
VCID-1sfd-nkd4-5fej libsoup: Segmentation fault when parsing malformed data URI CVE-2025-32051
VCID-24tr-cene-gfch libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value CVE-2025-32911
VCID-2fpq-q21y-83a7 A vulnerability in libsoup might allow remote attackers to execute arbitrary code. CVE-2017-2885
VCID-4m39-v7d7-1ba7 libsoup: Integer overflow in append_param_quoted CVE-2025-32050
VCID-6skx-v6sg-53gq libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content CVE-2025-2784
VCID-9vuw-57ex-k7ez security update CVE-2018-12910
VCID-athp-xk5g-jbhu libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c CVE-2025-32909
VCID-f481-8mb7-dbed libsoup: Null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication CVE-2025-32910
VCID-fwhq-2jj5-wka3 libsoup: heap-based over-read in soup_ntlm_parse_challenge() in soup-auth-ntlm.c CVE-2019-17266
VCID-htuv-qv35-gycj libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c CVE-2025-46420
VCID-k9bu-zasm-vfgr libsoup: NULL pointer dereference in client when server omits the "nonce" parameter in an Unauthorized response with Digest authentication CVE-2025-32912
VCID-ku6w-4wsv-qbe4 libsoup: Out of bounds reads in soup_headers_parse_request() CVE-2025-32906
VCID-mxjn-d8v7-8ubc libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion CVE-2025-12105
VCID-qfjx-uc2n-3yde This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. CVE-2011-2524
VCID-svba-hf1d-y7ez libsoup: HTTP request smuggling via stripping null bytes from the ends of header names CVE-2024-52530
VCID-uk2y-997k-4qat libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict CVE-2024-52531
VCID-v11f-c1ed-j7d1 libsoup: Denial of service on libsoup through HTTP/2 server CVE-2025-32908
VCID-v9pv-qh9a-97g9 libsoup: infinite loop while reading websocket data CVE-2024-52532
VCID-yx68-81fu-ffar libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process CVE-2025-32914
VCID-zhp7-2ks9-m7es libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header CVE-2025-32913
VCID-zrmu-bwfg-e3hp libsoup: Heap buffer overflow in sniff_unknown() CVE-2025-32052
VCID-zsdd-pzyb-nbdf libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() CVE-2025-32053

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:40:57.667993+00:00 Debian Importer Fixing VCID-1sfd-nkd4-5fej https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:38:59.031825+00:00 Debian Importer Fixing VCID-2fpq-q21y-83a7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:13:51.450983+00:00 Debian Importer Fixing VCID-v9pv-qh9a-97g9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:01:14.254630+00:00 Debian Importer Fixing VCID-9vuw-57ex-k7ez https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:58:25.041296+00:00 Debian Importer Fixing VCID-fwhq-2jj5-wka3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:38:32.745858+00:00 Debian Importer Fixing VCID-qfjx-uc2n-3yde https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:29:13.585587+00:00 Debian Importer Fixing VCID-uk2y-997k-4qat https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:08:43.366094+00:00 Debian Importer Fixing VCID-v11f-c1ed-j7d1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:46:58.617152+00:00 Debian Importer Fixing VCID-mxjn-d8v7-8ubc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:57:55.930952+00:00 Debian Importer Fixing VCID-svba-hf1d-y7ez https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:41:32.052427+00:00 Debian Importer Fixing VCID-1sfd-nkd4-5fej https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:40:06.753010+00:00 Debian Importer Fixing VCID-2fpq-q21y-83a7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:38:12.058886+00:00 Debian Importer Fixing VCID-v9pv-qh9a-97g9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:28:50.779294+00:00 Debian Importer Fixing VCID-9vuw-57ex-k7ez https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:26:39.814106+00:00 Debian Importer Fixing VCID-fwhq-2jj5-wka3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:11:40.920904+00:00 Debian Importer Fixing VCID-qfjx-uc2n-3yde https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:04:40.424805+00:00 Debian Importer Fixing VCID-uk2y-997k-4qat https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:48:53.155548+00:00 Debian Importer Fixing VCID-v11f-c1ed-j7d1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:32:02.651499+00:00 Debian Importer Fixing VCID-mxjn-d8v7-8ubc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:00:52.521385+00:00 Debian Importer Fixing VCID-svba-hf1d-y7ez https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:29:38.425801+00:00 Debian Importer Affected by VCID-9uua-rxjd-fkf6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:38.386581+00:00 Debian Importer Affected by VCID-rd74-1427-eybf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:38.347297+00:00 Debian Importer Affected by VCID-7hhg-3u9v-nqfw https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:38.314422+00:00 Debian Importer Fixing VCID-htuv-qv35-gycj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:38.270665+00:00 Debian Importer Affected by VCID-sabm-gujq-j3fb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:38.237722+00:00 Debian Importer Fixing VCID-yx68-81fu-ffar https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:38.186018+00:00 Debian Importer Fixing VCID-zhp7-2ks9-m7es https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:38.142136+00:00 Debian Importer Fixing VCID-k9bu-zasm-vfgr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:38.099511+00:00 Debian Importer Fixing VCID-24tr-cene-gfch https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:38.055948+00:00 Debian Importer Fixing VCID-f481-8mb7-dbed https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:38.012206+00:00 Debian Importer Fixing VCID-athp-xk5g-jbhu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.968647+00:00 Debian Importer Fixing VCID-v11f-c1ed-j7d1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.922019+00:00 Debian Importer Fixing VCID-ku6w-4wsv-qbe4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.867922+00:00 Debian Importer Fixing VCID-zsdd-pzyb-nbdf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.813271+00:00 Debian Importer Fixing VCID-zrmu-bwfg-e3hp https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.770068+00:00 Debian Importer Fixing VCID-1sfd-nkd4-5fej https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.724903+00:00 Debian Importer Fixing VCID-4m39-v7d7-1ba7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.658230+00:00 Debian Importer Fixing VCID-6skx-v6sg-53gq https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.605819+00:00 Debian Importer Fixing VCID-mxjn-d8v7-8ubc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.563200+00:00 Debian Importer Fixing VCID-v9pv-qh9a-97g9 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.516197+00:00 Debian Importer Fixing VCID-uk2y-997k-4qat https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.466026+00:00 Debian Importer Fixing VCID-svba-hf1d-y7ez https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.424389+00:00 Debian Importer Fixing VCID-fwhq-2jj5-wka3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.384084+00:00 Debian Importer Fixing VCID-9vuw-57ex-k7ez https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.349530+00:00 Debian Importer Fixing VCID-2fpq-q21y-83a7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:37.308405+00:00 Debian Importer Fixing VCID-qfjx-uc2n-3yde https://security-tracker.debian.org/tracker/data/json 38.1.0