CVE-2025-32911

Critical CVSS: 9.0

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

Vendor

Product

CWE

CWE-590

Yayın Tarihi

2025-04-15 16:16:06

Güncelleme

2025-11-18 09:15:51

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-590 CRITICAL 2025

Referanslar

https://access.redhat.com/errata/RHSA-2025:21657 https://access.redhat.com/errata/RHSA-2025:4439 https://access.redhat.com/errata/RHSA-2025:4440 https://access.redhat.com/errata/RHSA-2025:4508 https://access.redhat.com/errata/RHSA-2025:4538 https://access.redhat.com/errata/RHSA-2025:4560 https://access.redhat.com/errata/RHSA-2025:4568 https://access.redhat.com/errata/RHSA-2025:4609 https://access.redhat.com/errata/RHSA-2025:4624 https://access.redhat.com/errata/RHSA-2025:7436 https://access.redhat.com/errata/RHSA-2025:8292 https://access.redhat.com/errata/RHSA-2025:9179 https://access.redhat.com/security/cve/CVE-2025-32911 https://bugzilla.redhat.com/show_bug.cgi?id=2359355 https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html