CVE-2025-4948
Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
This update for libsoup2 fixes the following issues. Fixed integer underflow in soup_multipart_new_from_message leading to denial of service. Fixed off-by-one out-of-bounds read may lead to infoleak. Fixed out of bounds reads in soup_headers_parse_request. Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c. Fixed null pointer deference on client when server omits the realm parameter in an Unauthorized response with Digest authentication. Fixed double free on soup_message_headers_get_content_disposition via "params". Fixed NULL pointer dereference in SoupAuthDigest. Fixed NULL pointer dereference in soup_message_headers_get_content_disposition.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2025-05-19 CVE Reserved
- 2025-05-19 CVE Published
- 2025-06-17 CVE Updated
- 2025-06-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-191: Integer Underflow (Wrap or Wraparound)
CAPEC
References (13)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2025-4948 | 2025-05-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2367183 | 2025-05-19 | |
| https://access.redhat.com/errata/RHSA-2025:8126 | 2025-06-17 | |
| https://access.redhat.com/errata/RHSA-2025:8128 | 2025-06-17 | |
| https://access.redhat.com/errata/RHSA-2025:8132 | 2025-06-17 | |
| https://access.redhat.com/errata/RHSA-2025:8139 | 2025-06-17 | |
| https://access.redhat.com/errata/RHSA-2025:8140 | 2025-06-17 | |
| https://access.redhat.com/errata/RHSA-2025:8252 | 2025-06-17 | |
| https://access.redhat.com/errata/RHSA-2025:8480 | 2025-06-17 | |
| https://access.redhat.com/errata/RHSA-2025:8481 | 2025-06-17 | |
| https://access.redhat.com/errata/RHSA-2025:8482 | 2025-06-17 | |
| https://access.redhat.com/errata/RHSA-2025:8663 | 2025-06-17 | |
| https://access.redhat.com/errata/RHSA-2025:9179 | 2025-06-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
| Red Hat Search vendor "Red Hat" | Enterprise Linux Search vendor "Red Hat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhel Aus Search vendor "Redhat" for product "Rhel Aus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhel E4s Search vendor "Redhat" for product "Rhel E4s" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhel Eus Search vendor "Redhat" for product "Rhel Eus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhel Tus Search vendor "Redhat" for product "Rhel Tus" | * | - |
Affected
| ||||||
| Alma Search vendor "Alma" | Linux Search vendor "Alma" for product "Linux" | * | - |
Affected
| ||||||
| Amazon Search vendor "Amazon" | Linux Search vendor "Amazon" for product "Linux" | * | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | * | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhel Aus Search vendor "Redhat" for product "Rhel Aus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhel E4s Search vendor "Redhat" for product "Rhel E4s" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhel Els Search vendor "Redhat" for product "Rhel Els" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhel Eus Search vendor "Redhat" for product "Rhel Eus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhel Tus Search vendor "Redhat" for product "Rhel Tus" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-basesystem Search vendor "Suse" for product "Sle-module-basesystem" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc Search vendor "Suse" for product "Sle Hpc" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sled Search vendor "Suse" for product "Sled" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles-ltss-extended-security Search vendor "Suse" for product "Sles-ltss-extended-security" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles-ltss Search vendor "Suse" for product "Sles-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Search vendor "Suse" for product "Sles" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Sap Search vendor "Suse" for product "Sles Sap" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse-manager-proxy Search vendor "Suse" for product "Suse-manager-proxy" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse-manager-server Search vendor "Suse" for product "Suse-manager-server" | * | - |
Affected
| ||||||