← Back

Jq

jq

Vendor: Jq Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-4074
1Jq Project
1Jq
May 6, 2026
May 6, 2016
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
CVE-2015-8863
2Jq Project
Opensuse
3Jq
LeapOpensuse
May 6, 2026
May 6, 2016
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.