6 matches found

OSV
added 2025/08/08 10:28 a.m., 1 views

SUSE-SU-2025:20591-1 Security update for jq

This update for jq fixes the following issues:
- CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (bsc#1244116)
- CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450)
- CVE-2024-53427: Fixed stack-buffer-overflow in the decNumberCopy function in...

CVSS 8.7, AI score 6.7, EPSS 0.00588
Exploits: 3, References: 7

NVD
added 2025/02/26 4:15 p.m., 8 views

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

CVSS 8.1, EPSS 0.00267
Exploits: 1, References: 5

OSV
added 2025/02/26 4:15 p.m., 8 views

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

CVSS 8.1, AI score 8.2
Exploits: 0, References: 5

Positive Technologies
added 2025/02/26 12:0 a.m., 3 views

PT-2025-8729

Name of the Vulnerable Software and Affected Versions: jq version 1.7.1
Description: The issue is related to a stack-buffer-overflow in the decNumberCopy function within decNumber.c.
Recommendations: For jq version 1.7.1, at the moment, there is no information about a newer version that contains a f...

CVSS 8.7, AI score 5.6, EPSS 0.00588
Exploits: 3, References: 40

CVE
added 2025/02/26 12:0 a.m., 284 views

CVE-2024-53427

The CVE-2024-53427 issue in jq (through 1.7.1) arises from decNumberCopy in decNumber.c misinterpreting NaN as numeric, leading to a stack-based buffer overflow and out-of-bounds write. Demonstrated by using --slurp with subtraction on certain digit strings containing NaN (e.g., "1 NaN123" follow...

CVSS 8.1, AI score 6.8, EPSS 0.00267
Exploits: 1, References: 5, Affected Software: 1

Debian CVE
added 2025/02/26 12:0 a.m., 78 views

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

CVSS 8.1, AI score 6, EPSS 0.00267
Exploits: 1