Search for packages
| purl | pkg:deb/debian/libsoup3@3.6.6-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1sfd-nkd4-5fej | libsoup: Segmentation fault when parsing malformed data URI |
CVE-2025-32051
|
| VCID-1vz1-x5py-dkg5 | A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. |
CVE-2026-1539
|
| VCID-24tr-cene-gfch | libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value |
CVE-2025-32911
|
| VCID-3zqd-pcvp-a7ed | libsoup: SoupServer: Denial of Service via HTTP request smuggling |
CVE-2026-1760
|
| VCID-4m39-v7d7-1ba7 | libsoup: Integer overflow in append_param_quoted |
CVE-2025-32050
|
| VCID-4scr-ppqy-5ugf | libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header |
CVE-2025-32907
|
| VCID-6sbg-fgfs-43b6 | libsoup: Out-of-Bounds Read in libsoup handle_partial_get() Leading to Heap Information Disclosure |
CVE-2026-2443
|
| VCID-6skx-v6sg-53gq | libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content |
CVE-2025-2784
|
| VCID-7hhg-3u9v-nqfw | libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup |
CVE-2025-4945
|
| VCID-9uua-rxjd-fkf6 | libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c |
CVE-2025-4969
|
| VCID-athp-xk5g-jbhu | libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c |
CVE-2025-32909
|
| VCID-cjwc-3fs8-17ef | libsoup: libsoup: HTTP Request Smuggling via malformed chunk headers |
CVE-2026-1801
|
| VCID-dnrq-3tff-nfc3 | libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing |
CVE-2026-0716
|
| VCID-f481-8mb7-dbed | libsoup: Null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication |
CVE-2025-32910
|
| VCID-htuv-qv35-gycj | libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c |
CVE-2025-46420
|
| VCID-k9bu-zasm-vfgr | libsoup: NULL pointer dereference in client when server omits the "nonce" parameter in an Unauthorized response with Digest authentication |
CVE-2025-32912
|
| VCID-ka6q-xta6-ukdp | libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response |
CVE-2026-1761
|
| VCID-ku6w-4wsv-qbe4 | libsoup: Out of bounds reads in soup_headers_parse_request() |
CVE-2025-32906
|
| VCID-mxjn-d8v7-8ubc | libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion |
CVE-2025-12105
|
| VCID-nbx2-3qh6-tqa3 | libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) |
CVE-2025-14523
|
| VCID-nu2x-tpra-4few | libsoup: libsoup: HTTP header injection or response splitting via CRLF injection in Content-Disposition header |
CVE-2026-1536
|
| VCID-rd74-1427-eybf | libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup |
CVE-2025-4948
|
| VCID-sabm-gujq-j3fb | libsoup: Null pointer dereference in libsoup may lead to Denial Of Service |
CVE-2025-4476
|
| VCID-sccj-juvj-5ud5 | libsoup: libsoup: HTTP header injection via specially crafted URLs when an HTTP proxy is configured |
CVE-2026-1467
|
| VCID-su51-s55e-hqdh | libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server |
CVE-2025-46421
|
| VCID-svba-hf1d-y7ez | libsoup: HTTP request smuggling via stripping null bytes from the ends of header names |
CVE-2024-52530
|
| VCID-tpky-j79x-pqd4 | libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library |
CVE-2025-11021
|
| VCID-uk2y-997k-4qat | libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict |
CVE-2024-52531
|
| VCID-v11f-c1ed-j7d1 | libsoup: Denial of service on libsoup through HTTP/2 server |
CVE-2025-32908
|
| VCID-v9pv-qh9a-97g9 | libsoup: infinite loop while reading websocket data |
CVE-2024-52532
|
| VCID-vsry-jr8n-zba8 | libsoup: libsoup: Buffer overread due to integer underflow when handling zero-length resources |
CVE-2026-2369
|
| VCID-yx68-81fu-ffar | libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process |
CVE-2025-32914
|
| VCID-zhp7-2ks9-m7es | libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header |
CVE-2025-32913
|
| VCID-zrmu-bwfg-e3hp | libsoup: Heap buffer overflow in sniff_unknown() |
CVE-2025-32052
|
| VCID-zsdd-pzyb-nbdf | libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() |
CVE-2025-32053
|