SUSE: 2025:1510-1 important: Multiple issues patched in libsoup

May 7, 2025
SUSE has issued an important security update for libsoup that fixes multiple vulnerabilities.

Summary

This update for libsoup fixes the following issues:

* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed integer overflow in `append_param_quoted` (bsc#1240752)
* CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI (bsc#1240754)
* CVE-2025-32052: Fixed heap buffer overflow in `sniff_unknown()` (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in `sniff_feed_or_html()` and `skip_insignificant_space()` (bsc#1240757)
* CVE-2025-32906: Fixed out of bounds reads in `soup_headers_parse_request()` (bsc#1241263)
* CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)

References

* bsc#1240750

* bsc#1240752

* bsc#1240754

* bsc#1240756

* bsc#1240757

* bsc#1241162

* bsc#1241164

* bsc#1241214

* bsc#1241222

* bsc#1241226

* bsc#1241252

* bsc#1241263

* bsc#1241686

* bsc#1241688

Cross-References

* CVE-2025-2784

* CVE-2025-32050

* CVE-2025-32051

* CVE-2025-32052

* CVE-2025-32053

* CVE-2025-32906

* CVE-2025-32907

* CVE-2025-32909

* CVE-2025-32910

* CVE-2025-32912

* CVE-2025-32913

* CVE-2025-32914

* CVE-2025-46420

* CVE-2025-46421

CVSS scores:

* CVE-2025-2784 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2025-32050 ( SUSE ): 6.0

Severity: important

Announcement ID: SUSE-SU-2025:1510-1
Release Date: 2025-05-07T14:38:17Z
Rating: important
