jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2.
{ "binaries": [ { "binary_name": "jq", "binary_version": "1.6-2.1ubuntu3.2" }, { "binary_name": "libjq1", "binary_version": "1.6-2.1ubuntu3.2" } ] }
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54679.json"
{ "binaries": [ { "binary_name": "jq", "binary_version": "1.7.1-3ubuntu0.24.04.2" }, { "binary_name": "libjq1", "binary_version": "1.7.1-3ubuntu0.24.04.2" } ] }
{ "binaries": [ { "binary_name": "jq", "binary_version": "1.8.1-3ubuntu1.1" }, { "binary_name": "libjq1", "binary_version": "1.8.1-3ubuntu1.1" } ] }
{ "binaries": [ { "binary_name": "jq", "binary_version": "1.8.1-4ubuntu2" }, { "binary_name": "libjq1", "binary_version": "1.8.1-4ubuntu2" } ] }
{ "binaries": [ { "binary_name": "jq", "binary_version": "1.3-1.1ubuntu1.1+esm4" } ] }
{ "binaries": [ { "binary_name": "jq", "binary_version": "1.5+dfsg-1ubuntu0.1+esm4" } ] }
{ "binaries": [ { "binary_name": "jq", "binary_version": "1.5+dfsg-2ubuntu0.1~esm3" }, { "binary_name": "libjq1", "binary_version": "1.5+dfsg-2ubuntu0.1~esm3" } ] }
{ "binaries": [ { "binary_name": "jq", "binary_version": "1.6-1ubuntu0.20.04.1+esm3" }, { "binary_name": "libjq1", "binary_version": "1.6-1ubuntu0.20.04.1+esm3" } ] }