
Mageia 9 jq Critical DoS and Code Exec Issues Vuln 2026-0188

mageia
June 10, 2026
Critical security update addressing multiple denial of service risks and code execution issues in jq for Mageia 9.
Security update

Summary

Description:

An integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. (CVE-2024-23337)

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-32316)

It was discovered that jq did not correctly handle recursion in certain circumstances. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-33947)

It was discovered that jq did not correctly handle improperly terminated strings. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-33948)

It was discovered that jq did not correctly handle checking certain variable types. An attacker could possibly use this issue to cause a denial of service or leak sensitive information. (CVE-2026-39956)

It was discovered that jq did not correctly handle certai...

References

- https://bugs.mageia.org/show_bug.cgi?id=34443

- https://www.openwall.com/lists/oss-security/2026/04/15/8

- https://github.com/jqlang/jq/security/advisories/GHSA-q3h9-m34w-h76f

- https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p

- https://github.com/jqlang/jq/security/advisories/GHSA-32cx-cvvh-2wj9

- https://github.com/jqlang/jq/security/advisories/GHSA-xwrw-4f8h-rjvg

- https://github.com/jqlang/jq/security/advisories/GHSA-6gc3-3g9p-xx28

- https://github.com/jqlang/jq/security/advisories/GHSA-wwj8-gxm6-jc29

- https://github.com/jqlang/jq/security/advisories/GHSA-gf4g-95wj-4q4r

- https://www.cve.org/CVERecord?id=CVE-2024-23337

- https://www.cve.org/CVERecord?id=CVE-2025-48060

- https://www.cve.org/CVERecord?id=CVE-2026-32316

- https://www.cve.org/CVERecord?id=CVE-2026-39979

- https://www.cve.org/CVERecord?id=CVE-2026-33948

- https://www.cve.org/CVERecord?id=CVE-2026-33947

- https://www.cve.org/CVERecord?id=CVE-2026-39956

- https://www.cve.org/CVERecord?id=CVE-2026-40164

Resolution

SRPMS

- 9/core/jq-1.6-3.1.mga9

Severity
critical

Publication date: 10 Jun 2026 
URL: https://advisories.mageia.org/MGASA-2026-0188.html
Type: security
CVE: CVE-2024-23337, CVE-2025-48060, CVE-2026-32316, CVE-2026-39979, CVE-2026-33948, CVE-2026-33947, CVE-2026-39956, CVE-2026-40164
