CVE-2026-39979

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

UBUNTU-CVE-2015-8863

Off-by-one error in the tokenadd function in jvparse.c in jq allows remote attackers to cause a denial of service crash via a long JSON-encoded number, which triggers a heap-based buffer overflow...