VYPR

rpm package

opensuse/jq&distro=openSUSE Leap 15.6

pkg:rpm/opensuse/jq&distro=openSUSE%20Leap%2015.6

Vulnerabilities (3)

  • CVE-2025-9403 · Low · Aug 25, 2025
    affected < 1.6-150000.3.12.1 · fixed 1.6-150000.3.12.1

    A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and m

  • CVE-2025-48060 · May 21, 2025
    affected < 1.6-150000.3.9.1 · fixed 1.6-150000.3.9.1

    jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication,

  • CVE-2024-23337 · May 21, 2025
    affected < 1.6-150000.3.6.1 · fixed 1.6-150000.3.6.1

    jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch fo