CVE-2025-48060
Published: May 21, 2025
Modified: Nov 3, 2025
PUBLISHED
Description
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in the function `jv_string_vfmt`; it was found by the jq_fuzz_execute harness from OSS-Fuzz. The crash is reported in file jv.c at line 1456, `void* p = malloc(sz);`. As of the time of publication, no patched versions are available.
| Vendor | Product | Versions |
|---|---|---|
| jqlang | jq | affected: <= 1.7.1 |
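The record above gives only an affected range (everything up to and including 1.7.1), so the practical check on a host is to compare the installed jq's version against that range. The shell function below is an added example written for this page; it is not part of the CVE record or of the jq project. It assumes `jq --version` prints a string of the form `jq-X.Y[.Z][suffix]` (the format jq 1.5 and later use), treats git-snapshot builds such as `jq-1.7.1-26-g…` conservatively as their base tag, and reports `unknown` rather than guessing when the string does not parse. The function name `jq_affected_by_cve_2025_48060` is chosen for this example.

```sh
#!/bin/sh
# Added example for CVE-2025-48060; not code from the CVE record or the jq project.
# Classifies a jq version string against the affected range "<= 1.7.1".
#
# jq_affected_by_cve_2025_48060 VERSION_STRING
#   prints "affected" (exit 0), "not-affected" (exit 1) or "unknown" (exit 2)
jq_affected_by_cve_2025_48060() {
    v=${1#jq-}                 # strip the "jq-" prefix that `jq --version` prints
    v=${v%%[!0-9.]*}           # cut at the first char that is not a digit or dot:
                               # "1.8.0rc2" -> "1.8.0", "1.7.1-26-gabc" -> "1.7.1"
                               # (snapshot builds are treated as their base tag)

    # Reject empty, leading/trailing or doubled dots rather than guess.
    case "$v" in
        ''|.*|*.|*..*) echo unknown; return 2 ;;
    esac

    # Split "major.minor.patch" on dots; missing fields default to 0 ("1.6" -> 1 6 0).
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Affected iff (major, minor, patch) <= (1, 7, 1) in lexicographic order.
    if [ "$major" -lt 1 ] \
       || { [ "$major" -eq 1 ] && [ "$minor" -lt 7 ]; } \
       || { [ "$major" -eq 1 ] && [ "$minor" -eq 7 ] && [ "$patch" -le 1 ]; }; then
        echo affected; return 0
    fi
    echo not-affected; return 1
}

# Usage against the installed binary, if any (assumes jq is on PATH).
if command -v jq >/dev/null 2>&1; then
    installed=$(jq --version 2>/dev/null || echo unknown)
    printf '%s: %s\n' "$installed" "$(jq_affected_by_cve_2025_48060 "$installed")"
fi
```

Because the function prints a word and also sets an exit status, it can be used either in a report (`printf`, as above) or directly as a condition: `if jq_affected_by_cve_2025_48060 "$(jq --version)"; then …`. Note that the version check only tells you a binary falls inside the published range; it says nothing about distribution builds that may carry a backported fix under the same version string.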
Weaknesses (CWE)
References
https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w (x_refsource_CONFIRM)