Source: libsoup3 Version: 3.6.5-1 Severity: important Tags: security upstream Forwarded: https://gitlab.gnome.org/GNOME/libsoup/-/issues/449 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for libsoup3. CVE-2025-4948[0]: | A flaw was found in the soup_multipart_new_from_message() function | of the libsoup HTTP library, which is commonly used by GNOME and | other applications to handle web communications. The issue occurs | when the library processes specially crafted multipart messages. Due | to improper validation, an internal calculation can go wrong, | leading to an integer underflow. This can cause the program to | access invalid memory and crash. As a result, any application or | server using libsoup could be forced to exit unexpectedly, creating | a denial-of-service (DoS) risk. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-4948 https://www.cve.org/CVERecord?id=CVE-2025-4948 [1] https://gitlab.gnome.org/GNOME/libsoup/-/issues/449 Please adjust the affected versions in the BTS as needed. Regards, Salvatore

