json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Integer Overflow
Json C
Fedora
Debian Linux
+2
NVD
GitHub
CVSS 3.1
7.8
EPSS
1.9%