14 vulnerabilities have been disclosed in libsoup, a library developed by the GNOME project. libsoup provides an HTTP client and server implementation that uses GObject for integration with GNOME. The library is used in GNOME Shell, the Epiphany browser (GNOME Web), the Shotwell image viewer, the souphttpsrc GStreamer plugin, and applications that use libwebkit2gtk. libsoup was previously also used in NetworkManager, which switched to libcurl starting with release 1.8.
One of the vulnerabilities (CVE-2025-32911) leads to a double free in soup_message_headers_get_content_disposition() and could potentially be exploited to execute malicious code when a server using libsoup processes specially crafted requests from an HTTP client. This issue is fixed in libsoup 3.6.3.
12 of the vulnerabilities result in buffer overflows during read operations or NULL pointer dereferences, leading to denial of service (an attacker can crash the application that uses libsoup). One issue (CVE-2025-32907) is caused by improper handling of the Range header and lets a client trigger excessive memory consumption on the server.
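A server-side guard that bounds what a single Range header can cost before any response is assembled, added here as an example; it is not libsoup's code and not its fix for CVE-2025-32907. The text above does not describe the mechanism, so the policy is an assumption: the function name `range_header_ok`, the cap of 8 ranges, and the refusal of overlapping ranges are all hypothetical choices.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>
#define MAX_RANGES 8 /* assumed policy cap, not a libsoup constant */

/* Parse decimal digits at *p; fails on no digits or 64-bit overflow. */
static int parse_u64(const char **p, uint64_t *out) {
    const char *s = *p;
    uint64_t v = 0;
    if (!isdigit((unsigned char)*s)) return 0;
    for (; isdigit((unsigned char)*s); s++) {
        unsigned d = (unsigned)(*s - '0');
        if (v > (UINT64_MAX - d) / 10) return 0;
        v = v * 10 + d;
    }
    *p = s; *out = v;
    return 1;
}

/* Returns the number of ranges accepted (1..MAX_RANGES), or 0 to refuse the
 * header: bad syntax, too many ranges, unsatisfiable or overlapping ranges.
 * len is the size in bytes of the resource being served. */
int range_header_ok(const char *hdr, uint64_t len) {
    uint64_t first[MAX_RANGES], last[MAX_RANGES], a, b;
    int n = 0;
    if (!hdr || len == 0 || strncmp(hdr, "bytes=", 6) != 0) return 0;
    for (const char *p = hdr + 6;;) {
        while (*p == ' ' || *p == '\t') p++;
        if (n == MAX_RANGES) return 0;   /* cap reached: stop before more work */
        if (*p == '-') {                 /* suffix form "-N": the last N bytes */
            p++;
            if (!parse_u64(&p, &b) || b == 0) return 0;
            a = b >= len ? 0 : len - b;
            b = len - 1;
        } else {
            if (!parse_u64(&p, &a) || *p++ != '-') return 0;
            if (!isdigit((unsigned char)*p)) b = len - 1;  /* open-ended "A-" */
            else if (!parse_u64(&p, &b)) return 0;
            if (a > b || a >= len) return 0;
            if (b >= len) b = len - 1;   /* clamp to the end of the resource */
        }
        for (int i = 0; i < n; i++)      /* refuse overlapping ranges */
            if (a <= last[i] && first[i] <= b) return 0;
        first[n] = a; last[n] = b; n++;
        while (*p == ' ' || *p == '\t') p++;
        if (*p == '\0') return n;
        if (*p++ != ',') return 0;
    }
}
```

A caller that gets 0 back can ignore the header and serve the full resource, or answer 416, instead of building a multipart response.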