libsoup

The libsoup bug tracked as CVE-2025-32053 is a medium‑severity, remotely reachable heap buffer over‑read in the library’s feed/html sniffing code that can cause memory disclosure or crashes. Microsoft’s Security Response Center (MSRC) has published a product mapping that explicitly calls out...

The libsoup vulnerability tracked as CVE-2025-32052 — a heap buffer over-read in the library’s sniff_unknown() routine — is real, has been widely patched across Linux distributions, and is expressly called out by Microsoft on its Security Update Guide as affecting the Azure Linux distribution...

Libsoup’s URI decoder can be crashed by a malformed data: URI, creating a remotely triggerable denial‑of‑service that administrators and application developers must treat as an operational risk rather than a low‑importance parsing bug. Background / Overview Libsoup is the widely used HTTP...

A newly published vulnerability in the GNOME HTTP library libsoup — tracked as CVE-2025-32050 — exposes an integer overflow / buffer under-read in the library’s append_param_quoted() routine that can crash applications or leak memory and has already prompted coordinated vendor advisories and...

A subtle one‑byte out‑of‑bounds read in a content‑sniffing routine has forced a widespread emergency patching wave across Linux distributions and GNOME‑based stacks: CVE‑2025‑2784 is a heap buffer over‑read in libsoup’s content sniffer — specifically in the function that skips “insignificant”...

A libraries-layer bug in the GNOME HTTP stack has landed in the CVE database and in vendor advisories: CVE-2025-9901 describes a flaw in libsoup’s caching code, SoupCache, where the library can ignore the HTTP Vary header when deciding whether a cached response may be reused. The practical...

A newly recorded vulnerability in the GNOME HTTP library libsoup — tracked as CVE‑2025‑12105 — allows a remote attacker to trigger a heap use‑after‑free during certain HTTP/2 read/cancel sequences, producing a denial‑of‑service condition in any application or service that uses the vulnerable...

A newly disclosed vulnerability in GNOME’s HTTP library libsoup — tracked as CVE-2025-14523 — exposes a subtle but powerful mismatch in how duplicate Host headers are handled, creating a practical vector for virtual-host confusion, cache poisoning, and request‑smuggling–style bypasses when...