CVE-2025-4948
Denial of Service risk in the libsoup HTTP library
Overview
The vulnerability was found in the libsoup HTTP library commonly used by GNOME applications due to improper validation. It could lead to an integer underflow causing Denial of Service (DoS) risk.
Technical Details
This flaw is in the soup_multipart_new_from_message() function of the libsoup library. This issue occurs when specially crafted multipart messages are processed. It leads to an internal calculation error, resulting in an integer underflow and subsequent invalid memory access.
CVSS Metrics
- attack vector: NETWORK
- attack complexity: LOW
- privileges required: NONE
- user interaction: NONE
- scope: UNCHANGED
- confidentiality impact: NONE
- integrity impact: NONE
- availability impact: HIGH
Impact
Any application or server using libsoup could be forced to exit unexpectedly, creating a potential for a Denial-of-Service (DoS) attack.
Recommendations
To avoid this vulnerability, validate the multipart messages properly before they are processed by the application. Updating the libsoup library to the latest version may also help mitigate this issue.
Threat Metrics
- cvss_score: 7.5
- severity: HIGH
- attack_vector: NETWORK
- attack_complexity: LOW