[ubuntu/jammy-security] cjson 1.7.15-1ubuntu0.1 (Accepted)
Shishir Subedi
shishirsub10 at gmail.com
Mon Jan 26 03:18:07 UTC 2026
cjson (1.7.15-1ubuntu0.1) jammy-security; urgency=medium
  * SECURITY UPDATE: denial of service when parsing large numbers
    - debian/patches/CVE-2023-26819.patch: allocate dynamic memory for
      temporary buffer instead of using fixed 64-byte stack buffer in
      parse_number() function in cJSON.c
    - CVE-2023-26819
  * SECURITY UPDATE: heap buffer overflow in parse_string function
    - debian/patches/CVE-2023-53154.patch: add bounds checking in
      parse_string() to prevent out-of-bounds read when parsing JSON
      strings without null terminators
    - CVE-2023-53154
  * SECURITY UPDATE: Out-of-bounds memory access
    - debian/patches/CVE-2025-57052.patch: fix the incorrect check in
      decode_array_index_from_pointer
    - CVE-2025-57052
Date: 2026-01-21 14:02:18.969968+00:00
Changed-By: Shishir Subedi <shishirsub10 at gmail.com>
https://launchpad.net/ubuntu/+source/cjson/1.7.15-1ubuntu0.1