Search for packages
| purl | pkg:deb/debian/libsoup3@3.2.3-0%2Bdeb12u2?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1vz1-x5py-dkg5
Aliases: CVE-2026-1539 |
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-3zqd-pcvp-a7ed
Aliases: CVE-2026-1760 |
libsoup: SoupServer: Denial of Service via HTTP request smuggling |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-4scr-ppqy-5ugf
Aliases: CVE-2025-32907 |
libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header |
Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-6sbg-fgfs-43b6
Aliases: CVE-2026-2443 |
libsoup: Out-of-Bounds Read in libsoup handle_partial_get() Leading to Heap Information Disclosure |
Affected by 0 other vulnerabilities. |
|
VCID-7hhg-3u9v-nqfw
Aliases: CVE-2025-4945 |
libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup |
Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9uua-rxjd-fkf6
Aliases: CVE-2025-4969 |
libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c |
Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-cjwc-3fs8-17ef
Aliases: CVE-2026-1801 |
libsoup: libsoup: HTTP Request Smuggling via malformed chunk headers |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-dnrq-3tff-nfc3
Aliases: CVE-2026-0716 |
libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ka6q-xta6-ukdp
Aliases: CVE-2026-1761 |
libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mxjn-d8v7-8ubc
Aliases: CVE-2025-12105 |
libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-nbx2-3qh6-tqa3
Aliases: CVE-2025-14523 |
libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-nu2x-tpra-4few
Aliases: CVE-2026-1536 |
libsoup: libsoup: HTTP header injection or response splitting via CRLF injection in Content-Disposition header |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-rd74-1427-eybf
Aliases: CVE-2025-4948 |
libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup |
Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-sabm-gujq-j3fb
Aliases: CVE-2025-4476 |
libsoup: Null pointer dereference in libsoup may lead to Denial Of Service |
Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-sccj-juvj-5ud5
Aliases: CVE-2026-1467 |
libsoup: libsoup: HTTP header injection via specially crafted URLs when an HTTP proxy is configured |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tpky-j79x-pqd4
Aliases: CVE-2025-11021 |
libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-v11f-c1ed-j7d1
Aliases: CVE-2025-32908 |
libsoup: Denial of service on libsoup through HTTP/2 server |
Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-vsry-jr8n-zba8
Aliases: CVE-2026-2369 |
libsoup: libsoup: Buffer overread due to integer underflow when handling zero-length resources |
Affected by 0 other vulnerabilities. |
|
VCID-yx68-81fu-ffar
Aliases: CVE-2025-32914 |
libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process |
Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zhp7-2ks9-m7es
Aliases: CVE-2025-32913 |
libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header |
Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1sfd-nkd4-5fej | libsoup: Segmentation fault when parsing malformed data URI |
CVE-2025-32051
|
| VCID-24tr-cene-gfch | libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value |
CVE-2025-32911
|
| VCID-4m39-v7d7-1ba7 | libsoup: Integer overflow in append_param_quoted |
CVE-2025-32050
|
| VCID-6skx-v6sg-53gq | libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content |
CVE-2025-2784
|
| VCID-athp-xk5g-jbhu | libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c |
CVE-2025-32909
|
| VCID-f481-8mb7-dbed | libsoup: Null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication |
CVE-2025-32910
|
| VCID-htuv-qv35-gycj | libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c |
CVE-2025-46420
|
| VCID-k9bu-zasm-vfgr | libsoup: NULL pointer dereference in client when server omits the "nonce" parameter in an Unauthorized response with Digest authentication |
CVE-2025-32912
|
| VCID-ku6w-4wsv-qbe4 | libsoup: Out of bounds reads in soup_headers_parse_request() |
CVE-2025-32906
|
| VCID-su51-s55e-hqdh | libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server |
CVE-2025-46421
|
| VCID-svba-hf1d-y7ez | libsoup: HTTP request smuggling via stripping null bytes from the ends of header names |
CVE-2024-52530
|
| VCID-uk2y-997k-4qat | libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict |
CVE-2024-52531
|
| VCID-v9pv-qh9a-97g9 | libsoup: infinite loop while reading websocket data |
CVE-2024-52532
|
| VCID-zrmu-bwfg-e3hp | libsoup: Heap buffer overflow in sniff_unknown() |
CVE-2025-32052
|
| VCID-zsdd-pzyb-nbdf | libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() |
CVE-2025-32053
|