| Package | libsoup2.4 |
|---|---|
| Version | 2.56.0-2+deb9u4 (stretch), 2.64.2-2+deb10u2 (buster) |
| Related CVEs | CVE-2025-2784 CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913 CVE-2025-32914 |
Multiple issues has been identified in libsoup2.4. This update contains fixes for a few of them that has previously been adressed in LTS and newer releases. Additional updates will come when more of the recently allocated CVE ids have been analyzed.
CVE-2025-2784: heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVE-2025-32050: libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
CVE-2025-32052: vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
CVE-2025-32053: vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
CVE-2025-32906: soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
CVE-2025-32909: SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
CVE-2025-32910: soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
CVE-2025-32911: use-after-free memory issue not on the heap in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
CVE-2025-32913: the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
CVE-2025-32914: the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
CVE-2025-32912: SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.
Additionally for buster an updated test certificate was included that extends the expiration to year 2049.
For Debian 10 buster, these problems have been fixed in version 2.64.2-2+deb10u2.
For Debian 9 stretch, these problems have been fixed in version 2.56.0-2+deb9u4.
We recommend that you upgrade your libsoup2.4 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.