Red Hat Security Advisory: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fix(es): * libsoup: Integer overflow in append_param_quoted (CVE-2025-32050) * libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052) * libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053) * libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906) * libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907) * libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911) * libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913) * libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421) * libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat Security Advisory: libsoup security update
Description
The libsoup packages provide an HTTP client and server library for GNOME. Security Fix(es): * libsoup: Integer overflow in append_param_quoted (CVE-2025-32050) * libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052) * libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053) * libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906) * libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907) * libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911) * libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913) * libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421) * libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:4440
- Cve Count
- 9
- Additional Cves
- ["CVE-2025-32052","CVE-2025-32053","CVE-2025-32906","CVE-2025-32907","CVE-2025-32911","CVE-2025-32913","CVE-2025-46420","CVE-2025-46421"]
- Cvss Version
- null
Threat ID: 6a4049ec27e9c79719836fa4
Added to database: 06/27/2026, 22:08:44 UTC
Last updated: 06/27/2026, 22:08:44 UTC
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.