Comment 1 for bug 1878738

I have identified the same issue. Parsing a relatively small file may result in a calloc failure because lh_table_new attempts to allocate an incorrectly size block of memory. In my case it attempted to allocate over 68 GiB in a single allocation.

The cause seems to be the changes in the CVE patch:

json-c (0.12.1-1.3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2020-12762-*.patch: fix a series of
      integer overflows adding checks in linkhash.c, printbuf.c.
    - CVE-2020-12762

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 11 May 2020 16:29:02 -0300