libsoup2 (SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS package libsoup2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (28)
CVE-2025-32911 — CVSS 9.0 (critical): A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows…
CVE-2026-1761 — CVSS 8.6 (high): A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an…
CVE-2026-0719 — CVSS 8.6 (high): A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network…
CVE-2025-14523 — CVSS 8.2 (high): A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side…
CVE-2025-4948 — CVSS 7.5 (high): A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other…
CVE-2025-32913 — CVSS 7.5 (high): A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference…
CVE-2025-32049 — CVSS 7.5 (high): A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory…
CVE-2025-32906 — CVSS 7.5 (high): A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a…
CVE-2025-32914 — CVSS 7.4 (high): A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows…
CVE-2025-2784 — CVSS 7.0 (high): A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace()…
CVE-2025-46421 — CVSS 6.8 (medium): A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new…
CVE-2026-2369 — CVSS 6.5 (medium): A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a…
CVE-2025-32052 — CVSS 6.5 (medium): A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
CVE-2025-32053 — CVSS 6.5 (medium): A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer…
CVE-2025-32910 — CVSS 6.5 (medium): A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the…
CVE-2025-32912 — CVSS 6.5 (medium): A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client…
CVE-2025-46420 — CVSS 6.5 (medium): A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list…
CVE-2025-4969 — CVSS 6.5 (medium): A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP…
CVE-2025-32050 — CVSS 5.9 (medium): A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
CVE-2026-1467 — CVSS 5.8 (medium): A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when…
CVE-2026-1539 — CVSS 5.8 (medium): A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When…
CVE-2025-32909 — CVSS 5.3 (medium): A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server…
CVE-2025-32907 — CVSS 5.3 (medium): A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a…
CVE-2026-1760 — CVSS 5.3 (medium): A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that…
CVE-2026-2443 — CVSS 5.3 (medium): A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers…
CVE-2026-0716 — CVSS 4.8 (medium): A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where…
CVE-2025-4476 — CVSS 4.3 (medium): A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client…
CVE-2026-2708 — CVSS 3.7 (low): A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in…