AZL-61974

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61974.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-61974

Upstream

CVE-2025-48060

Published

2025-05-21T18:15:53Z

Modified

2026-04-21T04:31:53.092135Z

Summary

CVE-2025-48060 affecting package jq for versions less than 1.6-4

Details

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jqfuzzexecute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void* p = malloc(sz);. As of time of publication, no patched versions are available.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-48060

Affected packages

Azure Linux:2 / jq

Package

Name: jq
Purl: pkg:rpm/azure-linux/jq

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61974.json"