libsoup Integer Underflow Vulnerability Leading to Buffer Overread and Denial-of-Service

Vulnerability

A moderate severity integer underflow vulnerability has been identified in libsoup, specifically in versions 3.6.1 and higher. This flaw arises when the library processes content with zero-length resources, leading to a buffer overread. The vulnerability was introduced by a previous patch for CVE-2025-32052, which altered a loop condition in a way that allowed the underflow to occur. As a result, an application could be manipulated to access sensitive information or experience a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a buffer overread, which can lead to undefined behavior such as crashes or resource consumption. In some cases, buffer overreads can be exploited to execute unauthorized code or commands.

Reproduction

The vulnerability can be reproduced by using libsoup to process a resource with a length of zero. This can be done by creating a SoupBuffer with no data and passing it to a function that sniffs content types, such as 'sniff_unknown' in 'libsoup/soup-content-sniffer.c'. The integer underflow occurs because the resource length is incorrectly handled, allowing the loop to execute on an empty buffer and overread memory.

Remediation

A patch for this vulnerability has been committed and is available in the official libsoup repository. Users should upgrade to the latest version of libsoup that includes this fix.

Added: Mar 19, 2026, 3:24 PM
Updated: Mar 19, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm
spread
7.3
impact
5.0
exploitability
9.5
remediation
0.0
relevance
2.7
threat
6.4
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.