| Name | CVE-2026-8484 |
| Description | A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes (DoS). All versions are believed to be vulnerable. This project is unmaintained at the time of CVE assignment. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| jansi (PTS) | bullseye | 1.18-1 | vulnerable |
| bookworm | 2.4.0-2 | vulnerable |
| trixie | 2.4.1-2 | vulnerable |
| forky, sid | 2.4.2-1 | vulnerable |
| jansi-native (PTS) | bookworm, bullseye | 1.8-1 | vulnerable |
| forky, sid, trixie | 1.8-2 | vulnerable |
| jansi1 (PTS) | bookworm | 1.18-3 | vulnerable |
| forky, sid, trixie | 1.18-3.1 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| jansi | source | (unstable) | (unfixed) | | | |
| jansi-native | source | (unstable) | (unfixed) | | | |
| jansi1 | source | (unstable) | (unfixed) | | | |
Notes
https://cert.pl/en/posts/2026/06/CVE-2026-8484/
double-check source packages, as there is not much details from cert.pl post