Logo
vulnerabilityCVE-2025-32911
Name
CVE-2025-32911
Source
NVD ( link)Debian ( link)
Description
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
CWEs
CWE-590
Published Date
Updated Date
Workaround
-
Advisories

Analysis#

Affected Component
Analysis
libsoup
Patched
libsoup
Patched
libsoup-2.4
Patched

Vulnerability Ratings#

9
CVSSv31
NaN
other

Others affected components#

Name
Project
Project Version
Version
Status
libsoup
buildroot
2025.02.x
2.74.3
Patched
libsoup
buildroot
master
2.74.3
Patched
libsoup3
openwrt
master
3.7.1-r2
Not Affected
libsoup3
openwrt
openwrt-25.12
3.6.5-r1
Not Affected
libsoup
yocto
master
3.6.6
Not Affected
libsoup
yocto
scarthgap
3.4.4
Patched
libsoup-2.4
yocto
scarthgap
2.74.3
Patched

Resolved with patches#

libsoup (buildroot:2025.02.x)

#
Title
Author
Resolve
1
CVE-2025-32911
Changqing Li <changqing.li@windriver.com>
CVE-2025-32911
CVE-2025-32913

libsoup (buildroot:master)

#
Title
Author
Resolve
1
CVE-2025-32911
Changqing Li <changqing.li@windriver.com>
CVE-2025-32911
CVE-2025-32913

libsoup (yocto:kirkstone)

#
Title
Author
Resolve
1
soup_message_headers_get_content_disposition: strdup
Patrick Griffis <pgriffis@igalia.com>
CVE-2025-32911
CVE-2025-32913
2
soup_message_headers_get_content_disposition: Fix NULL deref
Patrick Griffis <pgriffis@igalia.com>
CVE-2025-32911
CVE-2025-32913

libsoup-2.4 (yocto:kirkstone)

#
Title
Author
Resolve
1
soup_message_headers_get_content_disposition: strdup
Patrick Griffis <pgriffis@igalia.com>
CVE-2025-32911
CVE-2025-32913
2
soup_message_headers_get_content_disposition: Fix NULL deref
Patrick Griffis <pgriffis@igalia.com>
CVE-2025-32911
CVE-2025-32913

libsoup-2.4 (yocto:scarthgap)

#
Title
Author
Resolve
1
soup_message_headers_get_content_disposition: strdup
Patrick Griffis <pgriffis@igalia.com>
CVE-2025-32911
CVE-2025-32913
2
soup_message_headers_get_content_disposition: Fix NULL deref
Patrick Griffis <pgriffis@igalia.com>
CVE-2025-32911
CVE-2025-32913