CVE-2025-32913: 
Alma Linux vulnerability analysis and mitigation

A vulnerability (CVE-2025-32913) was discovered in libsoup, affecting the soupmessageheadersgetcontent_disposition() function. The flaw was disclosed on April 14, 2025, and impacts libsoup versions prior to 3.6.2. This vulnerability affects both client and server implementations of libsoup, a HTTP client/server library for GNOME (NVD, Ubuntu).

The vulnerability is classified as a NULL pointer dereference (CWE-476) in the soupmessageheadersgetcontent_disposition() function when the 'filename' parameter is present but has no value in the Content-Disposition header. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in high availability impact (Red Hat, AttackerKB).

When exploited, this vulnerability allows a malicious HTTP peer to crash a libsoup client or server that uses the affected function, resulting in a denial of service condition. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (Debian).

The vulnerability has been fixed in libsoup version 3.6.2 and later. Users are advised to upgrade to the patched version. For systems where immediate upgrading is not possible, no specific workarounds have been published (Debian).