Bug#1126877: libsoup3: CVE-2026-1761
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 3 07:16:10 GMT 2026
Source: libsoup3
Version: 3.6.5-3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libsoup/-/issues/493
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for libsoup3.
CVE-2026-1761[0]:
| A flaw was found in libsoup. This stack-based buffer overflow
| vulnerability occurs during the parsing of multipart HTTP responses
| due to an incorrect length calculation. A remote attacker can
| exploit this by sending a specially crafted multipart HTTP response,
| which can lead to memory corruption. This issue may result in
| application crashes or arbitrary code execution in applications that
| process untrusted server responses, and it does not require
| authentication or user interaction.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-1761
https://www.cve.org/CVERecord?id=CVE-2026-1761
[1] https://gitlab.gnome.org/GNOME/libsoup/-/issues/493
[2] https://gitlab.gnome.org/GNOME/libsoup/-/commit/cfa9d90d1a5c274233554a264c56551c13d6a6f0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-gnome-maintainers
mailing list