Gnome Libsoup
9 CVEs affecting Gnome Libsoup. Latest disclosed: 2026-04-23. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-2885 | Critical | 9.8 | 2018-04-24 | An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resultin… |
| CVE-2025-12105 | High | 7.5 | 2025-10-23 | A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communi… |
| CVE-2026-2369 | Medium | 6.5 | 2026-03-19 | A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This… |
| CVE-2024-52531 | Medium | 6.5 | 2024-11-11 | GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausib… |
| CVE-2026-5119 | Medium | 5.9 | 2026-03-30 | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the… |
| CVE-2026-4271 | Medium | 5.3 | 2026-03-17 | A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A… |
| CVE-2026-2708 | Low | 3.7 | 2026-04-23 | A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-he… |
| CVE-2012-2132 | | | 2012-08-20 | libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass… |
| CVE-2011-2524 | | | 2011-08-31 | Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded do… |