Integer overflow in Jqlang Jq
CVE-2026-54679
jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2.
Vulnerability class: Integer Overflow
Affected products
- Jqlang Jq — versions < 1.8.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)