From: Anton Skorup <[email protected]>

CVE details: https://vulert.com/vuln-db/--4743

Signed-off-by: Anton Skorup <[email protected]>
---
 .../jq/jq/CVE-2026-49839.patch                | 34 +++++++++++++++++++
 meta-oe/recipes-devtools/jq/jq_1.8.1.bb       |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/jq/jq/CVE-2026-49839.patch

diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2026-49839.patch 
b/meta-oe/recipes-devtools/jq/jq/CVE-2026-49839.patch
new file mode 100644
index 0000000000..bd4bcf8e37
--- /dev/null
+++ b/meta-oe/recipes-devtools/jq/jq/CVE-2026-49839.patch
@@ -0,0 +1,34 @@
+From 59fcd85066bea536f259b6396a7a0a939a4fb369 Mon Sep 17 00:00:00 2001
+From: itchyny <[email protected]>
+Date: Mon, 8 Jun 2026 22:14:48 +0900
+Subject: [PATCH] Fix heap-buffer-overflow in raw file loading
+
+When `jv_string_append_buf` overflows the string length limit,
+it returns an invalid `jv`; `jv_load_file` then re-entered it
+on the invalid value and overran the heap. Break out of the loop
+once the value is invalid.
+
+Fixes CVE-2026-49839.
+
+Signed-off-by: Anton Skorup <[email protected]>
+Upstream-Status: Backport 
[https://github.com/jqlang/jq/commit/e987df0d463d85fd70825e042a082427e8275b86]
+---
+ src/jv_file.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/jv_file.c b/src/jv_file.c
+index b10bcc0..40137c3 100644
+--- a/src/jv_file.c
++++ b/src/jv_file.c
+@@ -57,6 +57,8 @@ jv jv_load_file(const char* filename, int raw) {
+ 
+     if (raw) {
+       data = jv_string_append_buf(data, buf, n);
++      if (!jv_is_valid(data))
++        break;
+     } else {
+       jv_parser_set_buf(parser, buf, n, !feof(file));
+       jv value;
+-- 
+2.43.0
+
diff --git a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb 
b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb
index 7665ba2511..14e77c1bc6 100644
--- a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb
+++ b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb
@@ -18,6 +18,7 @@ SRC_URI = 
"git://github.com/jqlang/jq.git;protocol=https;branch=master;tag=jq-${
            file://CVE-2026-33948.patch \
            file://CVE-2026-39979.patch \
            file://CVE-2026-47770.patch \
+           file://CVE-2026-49839.patch \
            "
 
 inherit autotools ptest
-- 
2.43.0

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#127584): 
https://lists.openembedded.org/g/openembedded-devel/message/127584
Mute This Topic: https://lists.openembedded.org/mt/119815997/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to