libsoup3-doc (AlmaLinux:10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:10 package libsoup3-doc, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (18)
CVE-2026-0719 — CVSS 8.6 (high): A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network…
CVE-2026-1761 — CVSS 8.6 (high): A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an…
CVE-2025-14523 — CVSS 8.2 (high): A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side…
CVE-2025-32906 — CVSS 7.5 (high): A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a…
CVE-2025-32908 — CVSS 7.5 (high): A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and…
CVE-2025-11021 — CVSS 7.5 (high): A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web…
CVE-2025-4948 — CVSS 7.5 (high): A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other…
CVE-2025-12105 — CVSS 7.5 (high): A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to…
CVE-2025-32049 — CVSS 7.5 (high): A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory…
CVE-2025-32914 — CVSS 7.4 (high): A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows…
CVE-2025-2784 — CVSS 7.0 (high): A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace()…
CVE-2025-46421 — CVSS 6.8 (medium): A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new…
CVE-2025-32912 — CVSS 6.5 (medium): A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client…
CVE-2026-5119 — CVSS 5.9 (medium): A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in…
CVE-2025-32907 — CVSS 5.3 (medium): A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a…
CVE-2026-4271 — CVSS 5.3 (medium): A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2…
CVE-2025-4035 — CVSS 4.3 (medium): A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the…
CVE-2025-4945 — CVSS 3.7 (low): A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability…