CVE-2025-4945

LOW Year: 2025
CVSS v3 Score
3.7
Low
Weakness Type
CWE-190
View all →

Vulnerability Description

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

Related Vulnerabilities

CVE-2025-3360

LOW
CVSS:3.7(Low)

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.

CWE-1902025

CVE-2020-12829

LOW
CVSS:3.8(Low)

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engin...

CWE-1902020

CVE-2024-50610

LOW
CVSS:3.6(Low)

GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.

CWE-1902024

CVE-2025-2295

LOW
CVSS:3.5(Low)

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

CWE-1902025

CVE-2025-32364

MEDIUM
CVSS:4.0(Medium)

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

CWE-1902025

CVE-2016-9085

LOW
CVSS:3.3(Low)

Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.

CWE-1902016