A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
Fixes

Solution

No solution given by the vendor.


Workaround

Currently, no mitigation is available for this vulnerability.

History

Thu, 29 May 2025 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 29 May 2025 07:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
References

Wed, 21 May 2025 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Tue, 15 Apr 2025 02:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 14 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 14 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
Title Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-476
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T18:20:26.615Z

Reserved: 2025-04-14T01:59:13.827Z

Link: CVE-2025-32909

cve-icon Vulnrichment

Updated: 2025-04-14T15:33:47.198Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-04-14T15:15:25.140

Modified: 2025-05-29T07:15:24.480

Link: CVE-2025-32909

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-04-14T00:00:00Z

Links: CVE-2025-32909 - Bugzilla

cve-icon OpenCVE Enrichment

No data.