CVE-2026-54679

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 25, 2026

Vendor unknown

Description

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2.

References

https://github.com/jqlang/jq/security/advisories/GHSA-29gj-222p-j7vx