SUSE: 2025:1503-1 important: libsoup2 patch for multiple threats

suse

May 7, 2025

* bsc#1240750 * bsc#1240752 * bsc#1240756 * bsc#1240757 * bsc#1241164

Summary

## This update for libsoup2 fixes the following issues: * CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing conten (bsc#1240750) * CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752) * CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756) * CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757) * CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222) * CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164) * CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via

Topics Covered

security advisory important memory leak SUSE libcurl HTTP threat

References

* bsc#1240750

* bsc#1240752

* bsc#1240756

* bsc#1240757

* bsc#1241164

* bsc#1241222

* bsc#1241686

* bsc#1241688

Cross-

* CVE-2025-2784

* CVE-2025-32050

* CVE-2025-32052

* CVE-2025-32053

* CVE-2025-32907

* CVE-2025-32914

* CVE-2025-46420

* CVE-2025-46421

CVSS scores:

* CVE-2025-2784 ( SUSE ): 8.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2025-32050 ( SUSE ): 6.0

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-32050 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2025:1503-1

Release Date: 2025-05-07T12:06:08Z

Rating: important

Topics Covered

security advisory important memory leak SUSE libcurl HTTP threat

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

SUSE: 2025:1503-1 important: libsoup2 patch for multiple threats

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

SUSE: 2025:1503-1 important: libsoup2 patch for multiple threats

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!