jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory access and results in a denial of service.
It was discovered that jq incorrectly handled certain values when parsing JSON data. A remote attacker could possibly use this issue to cause jq to crash, resulting in a denial of service. It was discovered that jq incorrectly handled NaN values when parsing JSON data. A remote attacker could possibly use this issue to cause jq to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS, and Ubuntu 25.04.