Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE Linux Micro 6.0: 2025:20375-1 important: libsoup buffer overflow

suse
Calendar Grey June 12, 2025
Dist Suse Esm H88
The latest libsoup update addresses 16 vulnerabilities, notably significant buffer overflows and memory leaks in SUSE Linux Micro.
* bsc#1240750 * bsc#1240752 * bsc#1240754 * bsc#1240756 * bsc#1240757

Summary

## This update for libsoup fixes the following issues: * CVE-2025-2784: Fixed Heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750) * CVE-2025-32050: Fixed Integer overflow in append_param_quoted (bsc#1240752) * CVE-2025-32051: Fixed Segmentation fault when parsing malformed data URI (bsc#1240754) * CVE-2025-32052: Fixed Heap buffer overflow in sniff_unknown() (bsc#1240756) * CVE-2025-32053: Fixed Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757) * CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162) * CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)

Topics%20covered

Topics Covered

security advisory buffer overflow important suse libsoup http requests

References

* bsc#1240750

* bsc#1240752

* bsc#1240754

* bsc#1240756

* bsc#1240757

* bsc#1241162

* bsc#1241164

* bsc#1241214

* bsc#1241222

* bsc#1241223

* bsc#1241226

* bsc#1241238

* bsc#1241252

* bsc#1241263

* bsc#1241686

* bsc#1241688

Cross-

* CVE-2025-2784

* CVE-2025-32050

* CVE-2025-32051

* CVE-2025-32052

* CVE-2025-32053

* CVE-2025-32906

* CVE-2025-32907

* CVE-2025-32908

* CVE-2025-32909

* CVE-2025-32910

* CVE-2025-32911

* CVE-2025-32912

* CVE-2025-32913

* CVE-2025-32914

* CVE-2025-46420

* CVE-2025-46421

CVSS scores:

* CVE-2025-2784 ( SUSE ): 8.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2025-32050 ( SUSE ): 6.0

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20375-1
Release Date: 2025-05-29T09:18:30Z
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow important suse libsoup http requests

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here