1. Ubuntu Security Notices
  2. USN-8238-2

USN-8238-2: EditorConfig vulnerability

Publication date

2 June 2026

Overview

EditorConfig could be made to crash if it opened a specially crafted file.

Releases

Packages

Details

USN-8238-1 fixed a vulnerability in EditorConfig. This update contains the
corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that EditorConfig incorrectly handled specially crafted
configuration files. A local attacker could possibly use this issue to
cause EditorConfig to crash, resulting in a denial of service.

USN-8238-1 fixed a vulnerability in EditorConfig. This update contains the
corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that EditorConfig incorrectly handled specially crafted
configuration files. A local attacker could possibly use this issue to
cause EditorConfig to crash, resulting in a denial of service.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.04 LTS jammy editorconfig –  0.12.5-2ubuntu0.1~esm3  
editorconfig-doc –  0.12.5-2ubuntu0.1~esm3  
libeditorconfig-dev –  0.12.5-2ubuntu0.1~esm3  
libeditorconfig0 –  0.12.5-2ubuntu0.1~esm3  
20.04 LTS focal editorconfig –  0.12.1-1.1+deb11u1ubuntu0.1~esm1  
editorconfig-doc –  0.12.1-1.1+deb11u1ubuntu0.1~esm1  
libeditorconfig-dev –  0.12.1-1.1+deb11u1ubuntu0.1~esm1  
libeditorconfig0 –  0.12.1-1.1+deb11u1ubuntu0.1~esm1  
18.04 LTS bionic editorconfig –  0.12.1-1.1ubuntu0.18.04.1~esm3  
editorconfig-doc –  0.12.1-1.1ubuntu0.18.04.1~esm3  
libeditorconfig-dev –  0.12.1-1.1ubuntu0.18.04.1~esm3  
libeditorconfig0 –  0.12.1-1.1ubuntu0.18.04.1~esm3  
16.04 LTS xenial editorconfig –  0.12.0-2ubuntu0.1~esm3
editorconfig-doc –  0.12.0-2ubuntu0.1~esm3
libeditorconfig-dev –  0.12.0-2ubuntu0.1~esm3
libeditorconfig0 –  0.12.0-2ubuntu0.1~esm3

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›