An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soupmultipartinputstreamread_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.
{
"binaries": [
{
"binary_version": "2.74.2-3ubuntu0.7",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.2-3ubuntu0.7",
"binary_name": "libsoup-gnome2.4-1"
},
{
"binary_version": "2.74.2-3ubuntu0.7",
"binary_name": "libsoup2.4-1"
},
{
"binary_version": "2.74.2-3ubuntu0.7",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.2-3ubuntu0.7",
"binary_name": "libsoup2.4-tests"
}
]
}{
"binaries": [
{
"binary_version": "2.74.3-6ubuntu1.7",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.3-6ubuntu1.7",
"binary_name": "libsoup-2.4-1"
},
{
"binary_version": "2.74.3-6ubuntu1.7",
"binary_name": "libsoup-gnome-2.4-1"
},
{
"binary_version": "2.74.3-6ubuntu1.7",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.3-6ubuntu1.7",
"binary_name": "libsoup2.4-tests"
}
]
}{
"binaries": [
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "libsoup-3.0-tests"
}
]
}{
"binaries": [
{
"binary_version": "3.6.6-1",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.6.6-1",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.6.6-1",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.6.6-1",
"binary_name": "libsoup-3.0-tests"
}
]
}{
"binaries": [
{
"binary_version": "2.70.0-1ubuntu0.5+esm2",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.70.0-1ubuntu0.5+esm2",
"binary_name": "libsoup-gnome2.4-1"
},
{
"binary_version": "2.70.0-1ubuntu0.5+esm2",
"binary_name": "libsoup2.4-1"
},
{
"binary_version": "2.70.0-1ubuntu0.5+esm2",
"binary_name": "libsoup2.4-tests"
}
]
}{
"binaries": [
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "libsoup-3.0-tests"
}
]
}{
"binaries": [
{
"binary_version": "2.74.3-10.1ubuntu5+esm1",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.3-10.1ubuntu5+esm1",
"binary_name": "libsoup-2.4-1"
},
{
"binary_version": "2.74.3-10.1ubuntu5+esm1",
"binary_name": "libsoup-gnome-2.4-1"
},
{
"binary_version": "2.74.3-10.1ubuntu5+esm1",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.3-10.1ubuntu5+esm1",
"binary_name": "libsoup2.4-tests"
}
]
}