Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library. Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Public via: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
Created json-c tracking bugs for this issue: Affects: fedora-all [bug 1085676] Affects: epel-all [bug 1085677]
json-c-0.11-6.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
json-c-0.11-6.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 7 Via RHSA-2014:0703 https://rhn.redhat.com/errata/RHSA-2014-0703.html