PT-2025-26220 · Jq+2 · Jq+2

Sofiaaberegg

·

Published

2025-06-19

·

Updated

2025-09-25

·

CVE-2025-49014

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions jq version 1.8.0
Description A heap use after free issue exists within the function f strflocaltime of /src/builtin.c. This is a problem in a command-line JSON processor.
Recommendations For version 1.8.0, consider restricting access to the f strflocaltime function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2025-9954
BDU:2025-07446
CVE-2025-49014
GHSA-RMJP-CR27-WPG2
OESA-2025-1809
OPENSUSE-SU-2025:15233-1

Affected Products

Alt Linux
Red Os
Jq