Unrated severityNVD Advisory· Published Apr 3, 2025· Updated Nov 18, 2025

Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content

CVE-2025-2784

Description

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Affected products

GNOME Foundation/Libsoupinferred
osv-coords44 versions
pkg:rpm/almalinux/libsoup pkg:rpm/almalinux/libsoup3 pkg:rpm/almalinux/libsoup3-devel pkg:rpm/almalinux/libsoup3-doc pkg:rpm/almalinux/libsoup-devel pkg:rpm/opensuse/libsoup2&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/libsoup2&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/libsoup&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/libsoup2&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/libsoup2&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/libsoup&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/libsoup&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/libsoup&distro=SUSE%20Manager%20Server%204.3
< 2.72.0-10.el9_6.2+ 43 more
- (no CPE)range: < 2.72.0-10.el9_6.2
- (no CPE)range: < 3.6.5-3.el10_0
- (no CPE)range: < 3.6.5-3.el10_0
- (no CPE)range: < 3.6.5-3.el10_0
- (no CPE)range: < 2.72.0-10.el9_6.2
- (no CPE)range: < 2.74.3-150600.4.6.1
- (no CPE)range: < 2.74.3-8.1
- (no CPE)range: < 3.4.4-150600.3.7.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.3-150600.4.6.1
- (no CPE)range: < 2.74.3-150600.4.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.74.2-150400.3.6.1
- (no CPE)range: < 2.68.4-150200.4.6.1
- (no CPE)range: < 2.68.4-150200.4.6.1
- (no CPE)range: < 3.0.4-150400.3.7.1
- (no CPE)range: < 3.0.4-150400.3.7.1
- (no CPE)range: < 3.0.4-150400.3.7.1
- (no CPE)range: < 3.0.4-150400.3.7.1
- (no CPE)range: < 2.68.4-150200.4.6.1
- (no CPE)range: < 3.4.4-150600.3.7.1
- (no CPE)range: < 3.4.4-150600.3.7.1
- (no CPE)range: < 2.62.2-5.12.1
- (no CPE)range: < 2.68.4-150200.4.6.1
- (no CPE)range: < 3.0.4-150400.3.7.1
- (no CPE)range: < 3.0.4-150400.3.7.1
- (no CPE)range: < 2.68.4-150200.4.6.1
- (no CPE)range: < 3.0.4-150400.3.7.1
- (no CPE)range: < 3.0.4-150400.3.7.1
- (no CPE)range: < 2.62.2-5.12.1
- (no CPE)range: < 3.4.2-6.1
- (no CPE)range: < 3.4.4-slfo.1.1_3.1
- (no CPE)range: < 3.0.4-150400.3.7.1
- (no CPE)range: < 3.0.4-150400.3.7.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2025:21657mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:7505mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:8126mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:8132mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:8139mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:8140mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:8252mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:8480mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:8481mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:8482mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:8663mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:9179mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2025-2784mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
gitlab.gnome.org/GNOME/libsoup/-/issues/422mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000