USN-7643-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-7643-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7643-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-7643-1
Upstream
Related
Published
2025-07-17T12:30:05.127112Z
Modified
2025-10-13T04:42:07Z
Summary
libsoup3, libsoup2.4 vulnerabilities
Details

Jan Różański discovered that libsoup incorrectly handled range headers in an HTTP request. An attacker could possibly use this issue to cause libsoup to consume excessive memory, resulting in a denial of service. (CVE-2025-32907)

Alon Zahavi discovered that libsoup incorrectly handled memory when parsing HTTP requests. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or obtaining sensitive information. This issue only affected Ubuntu 25.04. (CVE-2025-32914)

It was discovered that libsoup incorrectly handled memory when parsing the expiration date of maliciously crafted cookies. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-4945)

It was discovered that libsoup incorrectly handled integer calculations when parsing multipart data. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-4948)

It was discovered that libsoup incorrectly handled buffer reading when locating boundaries in multipart forms. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2025-4969)

References

Affected packages

Ubuntu:22.04:LTS

libsoup2.4

Package

Name
libsoup2.4
Purl
pkg:deb/ubuntu/libsoup2.4@2.74.2-3ubuntu0.6?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.74.2-3ubuntu0.6

Affected versions

2.*

2.72.0-3ubuntu3
2.74.1-1
2.74.2-2
2.74.2-3
2.74.2-3ubuntu0.1
2.74.2-3ubuntu0.2
2.74.2-3ubuntu0.3
2.74.2-3ubuntu0.4
2.74.2-3ubuntu0.5

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gir1.2-soup-2.4",
            "binary_version": "2.74.2-3ubuntu0.6"
        },
        {
            "binary_name": "libsoup-gnome2.4-1",
            "binary_version": "2.74.2-3ubuntu0.6"
        },
        {
            "binary_name": "libsoup-gnome2.4-dev",
            "binary_version": "2.74.2-3ubuntu0.6"
        },
        {
            "binary_name": "libsoup2.4-1",
            "binary_version": "2.74.2-3ubuntu0.6"
        },
        {
            "binary_name": "libsoup2.4-common",
            "binary_version": "2.74.2-3ubuntu0.6"
        },
        {
            "binary_name": "libsoup2.4-dev",
            "binary_version": "2.74.2-3ubuntu0.6"
        },
        {
            "binary_name": "libsoup2.4-tests",
            "binary_version": "2.74.2-3ubuntu0.6"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4945"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4948"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4969"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32907"
        }
    ],
    "ecosystem": "Ubuntu:22.04:LTS"
}

Ubuntu:24.04:LTS

libsoup2.4

Package

Name
libsoup2.4
Purl
pkg:deb/ubuntu/libsoup2.4@2.74.3-6ubuntu1.6?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.74.3-6ubuntu1.6

Affected versions

2.*

2.74.3-1
2.74.3-2
2.74.3-3
2.74.3-6
2.74.3-6build1
2.74.3-6ubuntu1
2.74.3-6ubuntu1.1
2.74.3-6ubuntu1.2
2.74.3-6ubuntu1.3
2.74.3-6ubuntu1.4
2.74.3-6ubuntu1.5

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gir1.2-soup-2.4",
            "binary_version": "2.74.3-6ubuntu1.6"
        },
        {
            "binary_name": "libsoup-2.4-1",
            "binary_version": "2.74.3-6ubuntu1.6"
        },
        {
            "binary_name": "libsoup-gnome-2.4-1",
            "binary_version": "2.74.3-6ubuntu1.6"
        },
        {
            "binary_name": "libsoup-gnome2.4-dev",
            "binary_version": "2.74.3-6ubuntu1.6"
        },
        {
            "binary_name": "libsoup2.4-common",
            "binary_version": "2.74.3-6ubuntu1.6"
        },
        {
            "binary_name": "libsoup2.4-dev",
            "binary_version": "2.74.3-6ubuntu1.6"
        },
        {
            "binary_name": "libsoup2.4-tests",
            "binary_version": "2.74.3-6ubuntu1.6"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4945"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4948"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4969"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32907"
        }
    ],
    "ecosystem": "Ubuntu:24.04:LTS"
}

libsoup3

Package

Name
libsoup3
Purl
pkg:deb/ubuntu/libsoup3@3.4.4-5ubuntu0.5?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.4-5ubuntu0.5

Affected versions

3.*

3.4.2-4
3.4.4-1
3.4.4-2
3.4.4-4
3.4.4-5
3.4.4-5build1
3.4.4-5build2
3.4.4-5ubuntu0.1
3.4.4-5ubuntu0.2
3.4.4-5ubuntu0.3
3.4.4-5ubuntu0.4

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gir1.2-soup-3.0",
            "binary_version": "3.4.4-5ubuntu0.5"
        },
        {
            "binary_name": "libsoup-3.0-0",
            "binary_version": "3.4.4-5ubuntu0.5"
        },
        {
            "binary_name": "libsoup-3.0-common",
            "binary_version": "3.4.4-5ubuntu0.5"
        },
        {
            "binary_name": "libsoup-3.0-dev",
            "binary_version": "3.4.4-5ubuntu0.5"
        },
        {
            "binary_name": "libsoup-3.0-tests",
            "binary_version": "3.4.4-5ubuntu0.5"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4945"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4948"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4969"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32907"
        }
    ],
    "ecosystem": "Ubuntu:24.04:LTS"
}

Ubuntu:25.04

libsoup2.4

Package

Name
libsoup2.4
Purl
pkg:deb/ubuntu/libsoup2.4@2.74.3-10ubuntu0.4?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.74.3-10ubuntu0.4

Affected versions

2.*

2.74.3-7
2.74.3-8
2.74.3-8ubuntu1
2.74.3-8.1
2.74.3-9
2.74.3-10
2.74.3-10ubuntu0.1
2.74.3-10ubuntu0.2
2.74.3-10ubuntu0.3

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gir1.2-soup-2.4",
            "binary_version": "2.74.3-10ubuntu0.4"
        },
        {
            "binary_name": "libsoup-2.4-1",
            "binary_version": "2.74.3-10ubuntu0.4"
        },
        {
            "binary_name": "libsoup-gnome-2.4-1",
            "binary_version": "2.74.3-10ubuntu0.4"
        },
        {
            "binary_name": "libsoup-gnome2.4-dev",
            "binary_version": "2.74.3-10ubuntu0.4"
        },
        {
            "binary_name": "libsoup2.4-common",
            "binary_version": "2.74.3-10ubuntu0.4"
        },
        {
            "binary_name": "libsoup2.4-dev",
            "binary_version": "2.74.3-10ubuntu0.4"
        },
        {
            "binary_name": "libsoup2.4-tests",
            "binary_version": "2.74.3-10ubuntu0.4"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4945"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4948"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4969"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32907"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32914"
        }
    ],
    "ecosystem": "Ubuntu:25.04"
}

libsoup3

Package

Name
libsoup3
Purl
pkg:deb/ubuntu/libsoup3@3.6.5-1ubuntu0.2?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.5-1ubuntu0.2

Affected versions

3.*

3.6.0-2
3.6.0-3
3.6.0-4
3.6.1-1
3.6.4-1
3.6.4-2
3.6.4-3
3.6.5-1
3.6.5-1ubuntu0.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gir1.2-soup-3.0",
            "binary_version": "3.6.5-1ubuntu0.2"
        },
        {
            "binary_name": "libsoup-3.0-0",
            "binary_version": "3.6.5-1ubuntu0.2"
        },
        {
            "binary_name": "libsoup-3.0-common",
            "binary_version": "3.6.5-1ubuntu0.2"
        },
        {
            "binary_name": "libsoup-3.0-dev",
            "binary_version": "3.6.5-1ubuntu0.2"
        },
        {
            "binary_name": "libsoup-3.0-tests",
            "binary_version": "3.6.5-1ubuntu0.2"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4945"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4948"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4969"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32907"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32914"
        }
    ],
    "ecosystem": "Ubuntu:25.04"
}

Ubuntu:Pro:16.04:LTS

libsoup2.4

Package

Name
libsoup2.4
Purl
pkg:deb/ubuntu/libsoup2.4@2.52.2-1ubuntu0.3+esm5?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.52.2-1ubuntu0.3+esm5

Affected versions

2.*

2.50.0-2debian1
2.52.1-1
2.52.2-1
2.52.2-1ubuntu0.1
2.52.2-1ubuntu0.2
2.52.2-1ubuntu0.3
2.52.2-1ubuntu0.3+esm1
2.52.2-1ubuntu0.3+esm2
2.52.2-1ubuntu0.3+esm3
2.52.2-1ubuntu0.3+esm4

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gir1.2-soup-2.4",
            "binary_version": "2.52.2-1ubuntu0.3+esm5"
        },
        {
            "binary_name": "libsoup-gnome2.4-1",
            "binary_version": "2.52.2-1ubuntu0.3+esm5"
        },
        {
            "binary_name": "libsoup-gnome2.4-dev",
            "binary_version": "2.52.2-1ubuntu0.3+esm5"
        },
        {
            "binary_name": "libsoup2.4-1",
            "binary_version": "2.52.2-1ubuntu0.3+esm5"
        },
        {
            "binary_name": "libsoup2.4-dev",
            "binary_version": "2.52.2-1ubuntu0.3+esm5"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4945"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4948"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4969"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32907"
        }
    ],
    "ecosystem": "Ubuntu:Pro:16.04:LTS"
}

Ubuntu:Pro:18.04:LTS

libsoup2.4

Package

Name
libsoup2.4
Purl
pkg:deb/ubuntu/libsoup2.4@2.62.1-1ubuntu0.4+esm6?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.62.1-1ubuntu0.4+esm6

Affected versions

2.*

2.60.1-1
2.60.2-1
2.60.2-2
2.60.3-1
2.61.90-1
2.62.0-1
2.62.1-1
2.62.1-1ubuntu0.1
2.62.1-1ubuntu0.3
2.62.1-1ubuntu0.4
2.62.1-1ubuntu0.4+esm1
2.62.1-1ubuntu0.4+esm2
2.62.1-1ubuntu0.4+esm3
2.62.1-1ubuntu0.4+esm4
2.62.1-1ubuntu0.4+esm5

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gir1.2-soup-2.4",
            "binary_version": "2.62.1-1ubuntu0.4+esm6"
        },
        {
            "binary_name": "libsoup-gnome2.4-1",
            "binary_version": "2.62.1-1ubuntu0.4+esm6"
        },
        {
            "binary_name": "libsoup-gnome2.4-dev",
            "binary_version": "2.62.1-1ubuntu0.4+esm6"
        },
        {
            "binary_name": "libsoup2.4-1",
            "binary_version": "2.62.1-1ubuntu0.4+esm6"
        },
        {
            "binary_name": "libsoup2.4-dev",
            "binary_version": "2.62.1-1ubuntu0.4+esm6"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4945"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4948"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4969"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32907"
        }
    ],
    "ecosystem": "Ubuntu:Pro:18.04:LTS"
}

Ubuntu:Pro:20.04:LTS

libsoup2.4

Package

Name
libsoup2.4
Purl
pkg:deb/ubuntu/libsoup2.4@2.70.0-1ubuntu0.5+esm1?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.70.0-1ubuntu0.5+esm1

Affected versions

2.*

2.68.2-0ubuntu1
2.68.2-1
2.68.2-2
2.68.2-2build2
2.69.90-1
2.70.0-1
2.70.0-1ubuntu0.1
2.70.0-1ubuntu0.2
2.70.0-1ubuntu0.3
2.70.0-1ubuntu0.4
2.70.0-1ubuntu0.5

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gir1.2-soup-2.4",
            "binary_version": "2.70.0-1ubuntu0.5+esm1"
        },
        {
            "binary_name": "libsoup-gnome2.4-1",
            "binary_version": "2.70.0-1ubuntu0.5+esm1"
        },
        {
            "binary_name": "libsoup-gnome2.4-dev",
            "binary_version": "2.70.0-1ubuntu0.5+esm1"
        },
        {
            "binary_name": "libsoup2.4-1",
            "binary_version": "2.70.0-1ubuntu0.5+esm1"
        },
        {
            "binary_name": "libsoup2.4-dev",
            "binary_version": "2.70.0-1ubuntu0.5+esm1"
        },
        {
            "binary_name": "libsoup2.4-tests",
            "binary_version": "2.70.0-1ubuntu0.5+esm1"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4945"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4948"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4969"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32907"
        }
    ],
    "ecosystem": "Ubuntu:Pro:20.04:LTS"
}

Ubuntu:Pro:22.04:LTS

libsoup3

Package

Name
libsoup3
Purl
pkg:deb/ubuntu/libsoup3@3.0.7-0ubuntu1+esm5?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.7-0ubuntu1+esm5

Affected versions

3.*

3.0.4-2
3.0.4-3
3.0.5-1
3.0.7-0ubuntu1
3.0.7-0ubuntu1+esm1
3.0.7-0ubuntu1+esm2
3.0.7-0ubuntu1+esm3
3.0.7-0ubuntu1+esm4

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gir1.2-soup-3.0",
            "binary_version": "3.0.7-0ubuntu1+esm5"
        },
        {
            "binary_name": "libsoup-3.0-0",
            "binary_version": "3.0.7-0ubuntu1+esm5"
        },
        {
            "binary_name": "libsoup-3.0-common",
            "binary_version": "3.0.7-0ubuntu1+esm5"
        },
        {
            "binary_name": "libsoup-3.0-dev",
            "binary_version": "3.0.7-0ubuntu1+esm5"
        },
        {
            "binary_name": "libsoup-3.0-tests",
            "binary_version": "3.0.7-0ubuntu1+esm5"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4945"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4948"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-4969"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-32907"
        }
    ],
    "ecosystem": "Ubuntu:Pro:22.04:LTS"
}