UBUNTU-CVE-2025-49014
- Source
- https://ubuntu.com/security/CVE-2025-49014
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49014.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-49014
- Upstream
- Withdrawn
- 2025-07-18T17:05:07Z
- Published
- 2025-06-19T15:15:00Z
- Modified
- 2025-07-16T05:26:27Z
- Severity
-
- 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication.
- References
Affected packages
Ubuntu:22.04:LTS / jq
Package
- Name
- jq
- Purl
- pkg:deb/ubuntu/jq@1.6-2.1ubuntu3?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6-2.1ubuntu3
Ecosystem specific
{
"binaries": [
{
"binary_name": "jq",
"binary_version": "1.6-2.1ubuntu3"
},
{
"binary_name": "jq-dbgsym",
"binary_version": "1.6-2.1ubuntu3"
},
{
"binary_name": "libjq-dev",
"binary_version": "1.6-2.1ubuntu3"
},
{
"binary_name": "libjq1",
"binary_version": "1.6-2.1ubuntu3"
},
{
"binary_name": "libjq1-dbgsym",
"binary_version": "1.6-2.1ubuntu3"
}
],
"availability": "No subscription required"
}
Ubuntu:24.04:LTS / jq
Package
- Name
- jq
- Purl
- pkg:deb/ubuntu/jq@1.7.1-3build1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.1-3build1
Ecosystem specific
{
"binaries": [
{
"binary_name": "jq",
"binary_version": "1.7.1-3build1"
},
{
"binary_name": "jq-dbgsym",
"binary_version": "1.7.1-3build1"
},
{
"binary_name": "libjq-dev",
"binary_version": "1.7.1-3build1"
},
{
"binary_name": "libjq1",
"binary_version": "1.7.1-3build1"
},
{
"binary_name": "libjq1-dbgsym",
"binary_version": "1.7.1-3build1"
}
],
"availability": "No subscription required"
}
Ubuntu:25.04 / jq
Package
- Name
- jq
- Purl
- pkg:deb/ubuntu/jq@1.7.1-3ubuntu1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.1-3ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_name": "jq",
"binary_version": "1.7.1-3ubuntu1"
},
{
"binary_name": "jq-dbgsym",
"binary_version": "1.7.1-3ubuntu1"
},
{
"binary_name": "libjq-dev",
"binary_version": "1.7.1-3ubuntu1"
},
{
"binary_name": "libjq1",
"binary_version": "1.7.1-3ubuntu1"
},
{
"binary_name": "libjq1-dbgsym",
"binary_version": "1.7.1-3ubuntu1"
}
],
"availability": "No subscription required"
}