data uri
About this tag
The data URI tag on WindowsForum.com covers security vulnerabilities related to data: URIs in widely used libraries. Recent discussions focus on denial-of-service attacks where malformed or oversized data: URIs can crash applications. Two specific CVEs are highlighted: CVE-2025-32051 affects Libsoup, a GNOME HTTP library, and CVE-2025-58754 affects Axios, a popular JavaScript HTTP client. Both vulnerabilities allow attackers to trigger memory exhaustion or crashes by sending crafted data: URIs. The tag provides guidance on mitigation, including upgrading to patched versions and implementing input validation. These topics are relevant for developers and system administrators managing Linux desktop environments or Node.js applications.
Libsoup’s URI decoder can be crashed by a malformed data: URI, creating a remotely triggerable denial‑of‑service that administrators and application developers must treat as an operational risk rather than a low‑importance parsing bug.
Background / Overview
Libsoup is the widely used HTTP...
Axios’s Node.js adapter will happily decode arbitrarily large data: URIs into memory, bypassing configured size limits and giving attackers an easy way to crash processes — a denial‑of‑service weakness tracked as CVE‑2025‑58754 that has been fixed in recent releases but remains a high‑risk issue...