The libsoup library used in GNOME for HTTP client and server functionality contains multiple vulnerabilities: an integer overflow in append_param_quoted (CVE-2025-32050), heap buffer overflows in sniff_unknown (CVE-2025-32052) and sniff_feed_or_html and skip_insignificant_space (CVE-2025-32053), out-of-bounds reads in soup_headers_parse_request (CVE-2025-32906), denial of service via overlapping Range header requests (CVE-2025-32907), double free in soup_message_headers_get_content_disposition (CVE-2025-32911), null pointer dereference in the same function when filename parameter is empty (CVE-2025-32913), memory leak in soup_header_parse_quality_list (CVE-2025-46420), and information disclosure due to improper Authorization header handling on redirects (CVE-2025-46421). Red Hat has released updated libsoup packages for Red Hat Enterprise Linux 9.2 to address these issues as detailed in advisory RHSA-2025:4508.

These vulnerabilities collectively can lead to memory corruption issues such as buffer overflows and double frees, which may cause application crashes or potentially enable code execution. The denial of service vulnerability can disrupt server availability by exploiting overlapping Range header requests. The information disclosure flaw may cause sensitive Authorization headers to be sent to unintended hosts during redirects. Memory leaks and null pointer dereferences may degrade application stability and reliability. The overall impact is rated as high by Red Hat Product Security.

Red Hat has released updated libsoup packages for Red Hat Enterprise Linux 9.2 as part of advisory RHSA-2025:4508. Applying these official security updates will remediate the identified vulnerabilities. Users should follow Red Hat's guidance at https://access.redhat.com/articles/11258 to update affected systems. No additional mitigations are specified or required beyond applying the provided patches.