Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 500
Alerts This Week
Warning Icon 1 500

Fedora 43 antlr4-project Important Path Traversal Fix CVE-2026-13503

fedora
Calendar Grey July 18, 2026
Scroller Fedora
Update addresses critical CVE-2026-13503 for antlr4-project in Fedora 43, preventing path traversal issues.
This update contains a fix for CVE-2026-13503.

Summary

ANTLR (ANother Tool for Language Recognition) is a powerful parser generator

for reading, processing, executing, or translating structured text or binary

files. It is widely used to build languages, tools, and frameworks. From a

grammar, ANTLR generates a parser that can build and walk parse trees.

Update Information:

This update contains a fix for CVE-2026-13503.

Change Log

* Fri Jul 10 2026 Jerry James - 4.13.2-14 - Add patch to fix CVE-2026-13503 * Fri Jul 10 2026 Jerry James - 4.13.2-13 - Drop unused BuildRequires * Fri Jul 10 2026 Jerry James - 4.13.2-12 - Add Unicode-3.0 to the antlr4 License field * Fri Jul 10 2026 Jerry James - 4.13.2-11 - Reflow the description text - Remove ancient obsoletes * Wed Nov 12 2025 Vít Ondruch - 4.13.2-10 - Rebuild for nodejs-packaging

References


[ 1 ] Bug #2494757 - CVE-2026-13503 ANTLR4: Path traversal via manipulation of getImportedVocabFile function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494757

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d9ca28a7b8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: antlr4-project
Product: Fedora 43
Version: 4.13.2
Release: 14.fc43
Summary: Parser generator (ANother Tool for Language Recognition)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.