CVE-2025-32051
Description
A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing a malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A flaw in libsoup's `soup_uri_decode_data_uri()` function can crash via a malformed data URI, leading to a denial of service.
A denial-of-service vulnerability exists in libsoup up to version 3.6.0. The flaw resides in the soup_uri_decode_data_uri() function, which may crash when processing a specially crafted, malformed data URI [1][2]. The root cause is improper handling of malformed input, leading to a segmentation fault under certain conditions [2].
An attacker can trigger this crash by providing a data URI that does not conform to the expected format. The attack is network-based, as the URI would typically be parsed by an application using libsoup to handle incoming data. No authentication is required, making the attack vector accessible to any remote attacker able to deliver the malformed URI to the vulnerable library [1][2].
The primary impact is a denial of service (DoS), as the crash causes the application to terminate or become unavailable. The CVSS v3 base score is 5.9 (Medium), reflecting the ease of exploitation and the availability impact, but no impact on confidentiality or integrity [1]. The flaw has been addressed in libsoup version 3.6.1, and users are advised to update to the fixed version to mitigate the risk [2].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
osv-coords, 15 versions (< 3.4.4-150600.3.7.1 + 14 more):
- pkg:rpm/opensuse/libsoup&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 3.4.4-150600.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 3.0.4-150400.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 3.0.4-150400.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE), range: < 3.0.4-150400.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE), range: < 3.0.4-150400.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 (no CPE), range: < 3.4.4-150600.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE), range: < 3.4.4-150600.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (no CPE), range: < 3.0.4-150400.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE), range: < 3.0.4-150400.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (no CPE), range: < 3.0.4-150400.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE), range: < 3.0.4-150400.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.0 (no CPE), range: < 3.4.2-6.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.1 (no CPE), range: < 3.4.4-slfo.1.1_3.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Manager%20Proxy%204.3 (no CPE), range: < 3.0.4-150400.3.7.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Manager%20Server%204.3 (no CPE), range: < 3.0.4-150400.3.7.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.