Vulnerability - CVE-2025-46420

Name

CVE-2025-46420

Source

NVD ( link)Debian ( link)

Description

A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.

CWEs

CWE-401

Published Date

Apr 24, 2025

Updated Date

Jun 17, 2026

Workaround

Advisories

Analysis#

Affected Component

Analysis

libsoup

Patched

Vulnerability Ratings#

6.5

CVSSv31

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

libsoup

buildroot

master

2.74.3

Patched

libsoup3

openwrt

master

3.7.1-r2

Not Affected

libsoup3

openwrt

openwrt-25.12

3.6.5-r1

Not Affected

libsoup

yocto

kirkstone

3.0.7

Patched

libsoup

yocto

master

3.6.6

Not Affected

libsoup

yocto

scarthgap

3.4.4

Patched

Resolved with patches#

libsoup (buildroot:2025.02.x)

Title

Author

Resolve

soup_header_parse_quality_list: Fix leak

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-46420

libsoup (buildroot:master)

Title

Author

Resolve

soup_header_parse_quality_list: Fix leak

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-46420

libsoup (yocto:kirkstone)

Title

Author

Resolve

soup_header_parse_quality_list: Fix leak

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-46420