Davegamble Cjson
10 CVEs affecting Davegamble Cjson. Latest disclosed: 2025-09-03. Critical: 5, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-57052 | Critical | 9.8 | 2025-09-03 | cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass a… |
CVE-2019-11835 | Critical | 9.8 | 2019-05-09 | cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. |
CVE-2019-11834 | Critical | 9.8 | 2019-05-09 | cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. |
CVE-2016-10749 | Critical | 9.8 | 2019-04-29 | parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ charact… |
CVE-2018-1000217 | Critical | 9.8 | 2018-08-20 | Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of… |
CVE-2018-1000216 | High | 8.8 | 2018-08-20 | Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attac… |
CVE-2023-50472 | High | 7.5 | 2023-12-14 | cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. |
CVE-2023-50471 | High | 7.5 | 2023-12-14 | cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. |
CVE-2019-1010239 | High | 7.5 | 2019-07-19 | DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial… |
CVE-2018-1000215 | High | 7.5 | 2018-08-20 | Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to… |