Alerts This Week
Warning Icon 1 975
Alerts This Week
Warning Icon 1 975

Mageia 9: libsoup3 Critical DoS Heap Overflow Issues MGASA-2025-0261

mageia
Calendar Grey November 5, 2025
Dist Mageia Esm H88
Understand the security fixes for libsoup3 in Mageia addressing major vulnerabilities and their impact.
MGASA-2025-0261 - Updated libsoup3 & libsoup packages fix security vulnerabilities

Summary

Description: Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content. (CVE-2025-2784) Libsoup: denial of service attack to websocket server. (CVE-2025-32049) Libsoup: integer overflow in append_param_quoted. (CVE-2025-32050) Libsoup: segmentation fault when parsing malformed data uri. (CVE-2025-32051) Libsoup: heap buffer overflow in sniff_unknown(). (CVE-2025-32052) Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space(). (CVE-2025-32053) Libsoup: out of bounds reads in soup_headers_parse_request(). (CVE-2025-32906) Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header. (CVE-2025-32907) Libsoup: denial of service on libsoup through http/2 server. (CVE-2025-32908) Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c. (CVE-2025-32909) Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth...

References

- https://bugs.mageia.org/show_bug.cgi?id=34187

- https://ubuntu.com/security/notices/USN-7432-1

- https://openwall.com/lists/oss-security/2025/04/18/4

-

- https://ubuntu.com/security/notices/USN-7543-1

-

- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EPLHUVQI4JICGWTVGG7KI7D4BMHB34YD/

- https://www.cve.org/CVERecord?id=CVE-2025-2784

- https://www.cve.org/CVERecord?id=CVE-2025-32049

- https://www.cve.org/CVERecord?id=CVE-2025-32050

- https://www.cve.org/CVERecord?id=CVE-2025-32051

- https://www.cve.org/CVERecord?id=CVE-2025-32052

- https://www.cve.org/CVERecord?id=CVE-2025-32053

- https://www.cve.org/CVERecord?id=CVE-2025-32906

- https://www.cve.org/CVERecord?id=CVE-2025-32907

- https://www.cve.org/CVERecord?id=CVE-2025-32908

- https://www.cve.org/CVERecord?id=CVE-2025-32909

- https://www.cve.org/CVERecord?id=CVE-2025-32910

- https://www.cve.org/CVERecord?id=CVE-2025-32911

- https://www.cve.org/CVERecord?id=CVE-2025-32912

- https://www.cve.org/CVERecord?id=CVE-2025-32913

- https://www.cve.org/CVERecord?id=CVE-2025-32914

Topics%20covered

Topics Covered

security advisory DoS heap overflow CVE reference Mageia libsoup3

Resolution

SRPMS

- 9/core/libsoup3-3.4.2-1.2.mga9

- 9/core/libsoup-2.74.3-1.2.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 05 Nov 2025
URL: https://advisories.mageia.org/MGASA-2025-0261.html
Type: security
CVE: CVE-2025-2784, CVE-2025-32049, CVE-2025-32050, CVE-2025-32051, CVE-2025-32052, CVE-2025-32053, CVE-2025-32906, CVE-2025-32907, CVE-2025-32908, CVE-2025-32909, CVE-2025-32910, CVE-2025-32911, CVE-2025-32912, CVE-2025-32913, CVE-2025-32914

Topics%20covered

Topics Covered

security advisory DoS heap overflow CVE reference Mageia libsoup3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here