Threats Tagged 'cve-2025-32913'

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 9.4 Extended Update Support and related variants. These include integer overflow, heap buffer overflows, out-of-bounds reads, denial of service, double free, null pointer dereference, information disclosure, and memory leak issues. The vulnerabilities are addressed in an update provided by Red Hat. Users of affected Red Hat Enterprise Linux 9.4 Extended Update Support versions should apply the security update to remediate these issues.

Multiple security vulnerabilities have been identified and fixed in the libsoup HTTP client and server library for GNOME, as addressed by Red Hat in their security advisory RHSA-2025:4508. These include integer overflows, heap buffer overflows, out-of-bounds reads, denial of service, double free, null pointer dereference, information disclosure, and memory leaks. The vulnerabilities affect Red Hat Enterprise Linux 9.2 variants and related products. Red Hat has released updated packages to remediate these issues.

Multiple security vulnerabilities were identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8.2. These include out-of-bounds reads, double free, NULL pointer dereference, information disclosure via improper Authorization header forwarding, and memory leaks. Red Hat has issued a security advisory (RHSA-2025:4538) addressing these issues with updated packages. The vulnerabilities have been rated as having an important security impact. No confirmed exploits in the wild are reported. Users are advised to apply the provided updates to remediate these issues.

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8. These include integer overflows, heap buffer overflows, out-of-bounds reads, double free errors, null pointer dereferences, information disclosure, and memory leaks. The vulnerabilities are addressed in an important security update released by Red Hat. The update fixes several CVEs including CVE-2025-32050, CVE-2025-32052, CVE-2025-32053, CVE-2025-32906, CVE-2025-32911, CVE-2025-32913, CVE-2025-46420, and CVE-2025-46421. The advisory covers multiple architectures including x86_64, s390x, ppc64le, and aarch64. No known exploits in the wild have been reported at this time.

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8.8 Extended Update Support. These include integer overflow, heap buffer overflows, out of bounds reads, double free, NULL pointer dereference, information disclosure, and memory leak issues. The vulnerabilities are rated with high severity by Red Hat Product Security. An update addressing these issues is available for affected Red Hat Enterprise Linux 8.8 Extended Update Support versions.

Multiple vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, including out-of-bounds reads, double free, NULL pointer dereference, information disclosure, and memory leaks. These issues affect Red Hat Enterprise Linux 8.4 variants and are rated with an important security impact by Red Hat. The vulnerabilities could lead to crashes, memory corruption, or unintended information disclosure. Red Hat has released security updates addressing these issues.

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8.6 variants. These include out-of-bounds reads, double free, NULL pointer dereference, information disclosure via improper Authorization header handling on redirects, and memory leaks. Red Hat has issued an important security advisory with updates addressing these issues. The vulnerabilities have been assigned CVE identifiers CVE-2025-32906, CVE-2025-32911, CVE-2025-32913, CVE-2025-46420, and CVE-2025-46421. The advisory provides updated packages to remediate these flaws.

Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 9. These include integer overflow, heap buffer overflows, out-of-bounds reads, denial of service, double free, null pointer dereference, information disclosure, and memory leak issues. The vulnerabilities are addressed in a security update released by Red Hat. The update is rated as Important by Red Hat Product Security. Users of affected Red Hat Enterprise Linux 9 variants should apply the update to mitigate these issues.

MinGW Windows Freetype library. Security Fix(es): * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files (CVE-2025-27363) * libsoup: Integer overflow in append_param_quoted (CVE-2025-32050) * libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052) * libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053) * libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906) * libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907) * libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c (CVE-2025-32909) * libsoup: Null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication (CVE-2025-32910) * libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911) * libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.