Threats Tagged 'cve-2025-32053'

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 9.4 Extended Update Support and related variants. These include integer overflow, heap buffer overflows, out-of-bounds reads, denial of service, double free, null pointer dereference, information disclosure, and memory leak issues. The vulnerabilities are addressed in an update provided by Red Hat. Users of affected Red Hat Enterprise Linux 9.4 Extended Update Support versions should apply the security update to remediate these issues.

Multiple security vulnerabilities have been identified and fixed in the libsoup HTTP client and server library for GNOME, as addressed by Red Hat in their security advisory RHSA-2025:4508. These include integer overflows, heap buffer overflows, out-of-bounds reads, denial of service, double free, null pointer dereference, information disclosure, and memory leaks. The vulnerabilities affect Red Hat Enterprise Linux 9.2 variants and related products. Red Hat has released updated packages to remediate these issues.

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8. These include integer overflows, heap buffer overflows, out-of-bounds reads, double free errors, null pointer dereferences, information disclosure, and memory leaks. The vulnerabilities are addressed in an important security update released by Red Hat. The update fixes several CVEs including CVE-2025-32050, CVE-2025-32052, CVE-2025-32053, CVE-2025-32906, CVE-2025-32911, CVE-2025-32913, CVE-2025-46420, and CVE-2025-46421. The advisory covers multiple architectures including x86_64, s390x, ppc64le, and aarch64. No known exploits in the wild have been reported at this time.

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8.8 Extended Update Support. These include integer overflow, heap buffer overflows, out of bounds reads, double free, NULL pointer dereference, information disclosure, and memory leak issues. The vulnerabilities are rated with high severity by Red Hat Product Security. An update addressing these issues is available for affected Red Hat Enterprise Linux 8.8 Extended Update Support versions.

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 9. These include integer overflow, heap buffer overflows, out-of-bounds reads, denial of service, double free, null pointer dereference, information disclosure, and memory leak issues. The vulnerabilities are addressed in a security update released by Red Hat. The update is rated as Important by Red Hat Product Security. Users of affected Red Hat Enterprise Linux 9 variants should apply the update to mitigate these issues.

MinGW Windows Freetype library. Security Fix(es): * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files (CVE-2025-27363) * libsoup: Integer overflow in append_param_quoted (CVE-2025-32050) * libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052) * libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053) * libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906) * libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907) * libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c (CVE-2025-32909) * libsoup: Null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication (CVE-2025-32910) * libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911) * libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.