Ubuntu alert USN-7973-1 (cjson)
From: noreply+usn-bot@canonical.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-7973-1] cJSON vulnerabilities
Date: Mon, 26 Jan 2026 08:27:15 +0000
Message-ID: <E1vkHwJ-0004IB-72@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-7973-1
January 23, 2026

cjson vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in cJSON.

Software Description:
- cjson: Ultralightweight JSON parser in ANSI C

Details:

It was discovered that cJSON incorrectly handled parsing large numbers. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-26819)

It was discovered that cJSON may perform out-of-bounds read when processing
specially crafted JSON files using parse_object. An attacker could possibly
use this issue to expose sensitive information or crash the program.
(CVE-2023-53154)

It was discovered that cJSON incorrectly validated array indices in JSON
pointers, which could result in an out-of-bounds memory access. An attacker
could possibly use this issue to cause a denial of service, or execute
arbitrary code. (CVE-2025-57052)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libcjson1                       1.7.18-3.1ubuntu0.1

Ubuntu 24.04 LTS
  libcjson1                       1.7.17-1ubuntu0.1~esm3
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libcjson1                       1.7.15-1ubuntu0.1

Ubuntu 20.04 LTS
  libcjson1                       1.7.10-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7973-1
  CVE-2023-26819, CVE-2023-53154, CVE-2025-57052

Package Information:
  https://launchpad.net/ubuntu/+source/cjson/1.7.18-3.1ubun...
  https://launchpad.net/ubuntu/+source/cjson/1.7.15-1ubuntu0.1
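An added example, not part of the Ubuntu notice: a check of collected libcjson1 versions against the fixed versions listed above, using Debian version ordering, in which the `~` in the `~esm` builds sorts before the end of the string. The release keys and function names are assumptions of this example; on a live host `dpkg --compare-versions` performs the same comparison.

```python
# Added example: Debian/Ubuntu version ordering checked against USN-7973-1.
FIXED = {  # release -> fixed libcjson1 version, copied from the notice
    "25.10": "1.7.18-3.1ubuntu0.1",
    "24.04": "1.7.17-1ubuntu0.1~esm3",
    "22.04": "1.7.15-1ubuntu0.1",
    "20.04": "1.7.10-1.1ubuntu0.1~esm1",
}

def _order(s, i):
    """Sort weight of s[i]: '~' < end/digit < letters < other characters."""
    if i >= len(s) or s[i].isdigit():
        return 0
    if s[i] == "~":
        return -1
    return ord(s[i]) if s[i].isalpha() else ord(s[i]) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string, dpkg style."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a, i) - _order(b, j)
            if d:
                return d
            i, j = i + 1, j + 1
        # Digit run: compare numerically (an empty run counts as 0).
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        d = int(a[si:i] or 0) - int(b[sj:j] or 0)
        if d:
            return d
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    """Negative if a < b, zero if equal, positive if a > b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    return compare_versions(installed, FIXED[release]) >= 0
```

A plain string comparison would get the `~esm` cases wrong, which is why inventory checks against this notice need the Debian ordering.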
