RapidJSON could be made to crash or run programs as an administrator if it
opened a specially crafted file.
Software Description:
- rapidjson: A fast JSON parser/generator for C++
Details:
It was discovered that RapidJSON did not properly protect against integer
overflows in certain instances when parsing JSON text. A remote attacker
could possibly use this issue to craft a malicious JSON file that, when
read by RapidJSON, would lead to an elevation of privilege, resulting in
the potential disclosure of sensitive information.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
rapidjson-dev 1.1.0+dfsg2-7.2ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
rapidjson-dev 1.1.0+dfsg2-7ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
rapidjson-dev 1.1.0+dfsg2-5ubuntu1+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
rapidjson-dev 1.1.0+dfsg2-3ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
rapidjson-dev 0.12~git20141031-3ubuntu0.1~esm2
Available with Ubuntu Pro
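To check a set of hosts against the fixed versions listed above, the following added example (not part of the advisory or of Ubuntu's tooling) compares installed rapidjson-dev versions using the Debian version ordering, in which "~" sorts before the end of a string and "+esm2" sorts after it. The host inventory and all function names are constructed for illustration; on a live system, dpkg --compare-versions performs the same comparison.

```python
import re
from itertools import zip_longest

# Fixed rapidjson-dev versions from the advisory, keyed by Ubuntu release.
FIXED = {
    "24.04": "1.1.0+dfsg2-7.2ubuntu0.1~esm2",
    "22.04": "1.1.0+dfsg2-7ubuntu0.1~esm2",
    "20.04": "1.1.0+dfsg2-5ubuntu1+esm2",
    "18.04": "1.1.0+dfsg2-3ubuntu0.1~esm2",
    "16.04": "0.12~git20141031-3ubuntu0.1~esm2",
}

def _weight(c):
    # Debian ordering: '~' < end of part < letters < everything else
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk paired (non-digit run, digit run) chunks: runs by weight, digits numerically.
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                        fillvalue=("", ""))
    for (na, da), (nb, db) in pairs:
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _weight(ca) != _weight(cb):
                return -1 if _weight(ca) < _weight(cb) else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision starts at the last hyphen.
    epoch, v = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = v.rsplit("-", 1) if "-" in v else (v, "")
    return int(epoch), upstream, rev

def debver_cmp(a, b):
    # Returns -1, 0 or 1: epoch first, then upstream version, then revision.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(inventory):
    # Hosts whose installed version sorts below the fixed one for their release.
    return [h for h, rel, ver in inventory if debver_cmp(ver, FIXED[rel]) < 0]

# Constructed inventory (host, release, installed version); not real systems.
INVENTORY = [("web-01", "24.04", "1.1.0+dfsg2-7.2ubuntu0.1~esm2"),
             ("web-02", "22.04", "1.1.0+dfsg2-7ubuntu0.1~esm1"),
             ("ci-03", "20.04", "1.1.0+dfsg2-5ubuntu1")]
```

Calling needs_update(INVENTORY) returns the hosts still below the fixed version for their release.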
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8189-1
CVE-2024-39684