CVE-2025-48060
CVE Information
CVE ID
CVE-2025-48060
Severity
HIGH
CVSS 7.5
Publish Date
2025-05-21
Description
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
Collection Date
2026-01-13
Impact Summary
Affected Hosts
2
Related Incidents
0
Related Alerts
0
Affected Hosts (2)
| Hostname | OS Type | Severity | Total CVEs |
|---|---|---|---|
| inbridge-42 | LINUX | CRITICAL | 142 |
| inbridge-ubt-24 | LINUX | CRITICAL | 2364 |