Bug#1118783: libsoup3: CVE-2025-12105
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 25 14:19:03 BST 2025
Source: libsoup3
Version: 3.6.5-4
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 3.6.5-3

Hi,

The following vulnerability was published for libsoup3.

CVE-2025-12105[0]:
| A flaw was found in the asynchronous message queue handling of the
| libsoup library, widely used by GNOME and WebKit-based applications
| to manage HTTP/2 communications. When network operations are aborted
| at specific timing intervals, an internal message queue item may be
| freed twice due to missing state synchronization. This leads to a
| use-after-free memory access, potentially crashing the affected
| application. Attackers could exploit this behavior remotely by
| triggering specific HTTP/2 read and cancel sequences, resulting in a
| denial-of-service condition.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-12105
    https://www.cve.org/CVERecord?id=CVE-2025-12105
[1] https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481
[2] https://gitlab.gnome.org/GNOME/libsoup/-/commit/9ba1243a24e442fa5ec44684617a4480027da960

Please adjust the affected versions in the BTS as needed.

I have not yet filed a second bug against src:libsoup2.4 as well; I'm
not certain the issue is there, as the code has seen major refactoring
adding run_until_read_done().

Regards,
Salvatore