libsoup-devel (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package libsoup-devel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (74)
CVE-2020-9850 — CVSS 9.8 (critical): A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari…
CVE-2020-9895 — CVSS 9.8 (critical): A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS…
CVE-2020-10018 — CVSS 9.8 (critical): WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue…
CVE-2025-32911 — CVSS 9.0 (critical): A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows…
CVE-2019-8766 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows…
CVE-2019-8782 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8783 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8808 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8811 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8812 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8814 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8815 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8816 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8819 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8820 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8710 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing…
CVE-2019-8743 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously…
CVE-2019-8823 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2…
CVE-2019-8835 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9…
CVE-2019-8844 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for…
CVE-2019-8846 — CVSS 8.8 (high): A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3…
CVE-2020-11793 — CVSS 8.8 (high): A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers…
CVE-2020-3865 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS…
CVE-2020-3868 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS…
CVE-2020-3895 — CVSS 8.8 (high): A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS…
CVE-2020-3897 — CVSS 8.8 (high): A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS…
CVE-2020-3899 — CVSS 8.8 (high): A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS…
CVE-2020-3900 — CVSS 8.8 (high): A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS…
CVE-2020-3901 — CVSS 8.8 (high): A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS…
CVE-2020-9802 — CVSS 8.8 (high): A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari…
CVE-2020-9803 — CVSS 8.8 (high): A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS…
CVE-2020-9806 — CVSS 8.8 (high): A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5…
CVE-2020-9807 — CVSS 8.8 (high): A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5…
CVE-2020-9893 — CVSS 8.8 (high): A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS…
CVE-2026-0719 — CVSS 8.6 (high): A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network…
CVE-2026-1761 — CVSS 8.6 (high): A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an…
CVE-2025-14523 — CVSS 8.2 (high): A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side…
CVE-2020-3864 — CVSS 7.8 (high): A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud…
CVE-2020-9862 — CVSS 7.8 (high): A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and…
CVE-2025-11021 — CVSS 7.5 (high): A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web…
CVE-2025-32913 — CVSS 7.5 (high): A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference…
CVE-2024-52532 — CVSS 7.5 (high): GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from…
CVE-2025-32906 — CVSS 7.5 (high): A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a…
CVE-2025-4948 — CVSS 7.5 (high): A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other…
CVE-2020-15503 — CVSS 7.5 (high): LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and…
CVE-2025-32049 — CVSS 7.5 (high): A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory…
CVE-2024-52530 — CVSS 7.5 (high): GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are…
CVE-2025-32914 — CVSS 7.4 (high): A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows…
CVE-2020-9843 — CVSS 7.1 (high): An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5…
CVE-2020-9805 — CVSS 7.1 (high): A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari…
CVE-2025-2784 — CVSS 7.0 (high): A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace()…
CVE-2025-46421 — CVSS 6.8 (medium): A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new…
CVE-2024-52531 — CVSS 6.5 (medium): GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict…
CVE-2025-46420 — CVSS 6.5 (medium): A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list…
CVE-2020-9915 — CVSS 6.5 (medium): An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS…
CVE-2025-32052 — CVSS 6.5 (medium): A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
CVE-2020-3862 — CVSS 6.5 (medium): A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1…
CVE-2025-32053 — CVSS 6.5 (medium): A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer…
CVE-2020-3867 — CVSS 6.1 (medium): A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari…
CVE-2020-3902 — CVSS 6.1 (medium): An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari…
CVE-2019-8625 — CVSS 6.1 (medium): A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows…
CVE-2020-9925 — CVSS 6.1 (medium): A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8…
CVE-2019-8764 — CVSS 6.1 (medium): A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content…
CVE-2019-8813 — CVSS 6.1 (medium): A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3…
CVE-2019-8771 — CVSS 6.1 (medium): This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web…
CVE-2025-32050 — CVSS 5.9 (medium): A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
CVE-2026-5119 — CVSS 5.9 (medium): A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in…
CVE-2020-14391 — CVSS 5.5 (medium): A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer…
CVE-2020-9894 — CVSS 4.3 (medium): An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS…
CVE-2020-3885 — CVSS 4.3 (medium): A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for…
CVE-2019-8769 — CVSS 4.3 (medium): An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and…
CVE-2025-4945 — CVSS 3.7 (low): A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability…
CVE-2020-3894 — CVSS 3.1 (low): A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes…