CVE-2026-1145

CVE-2026-1145 affects quickjs-ng/quickjs up to version 0.11.0. The vulnerability resides in js_typed_array_constructor_ta in quickjs.c, enabling a heap-based buffer overflow that can be triggered remotely. Exploitation has been published; patch 53aebe66170d545bb6265906fe4324e4477de8b4 is availabl...

CVE-2026-1145

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function jstypedarrayconstructorta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may ...

CVE-2026-1144 quickjs-ng quickjs Atomics Ops quickjs.c use after free

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...

Linux Distros Unpatched Vulnerability : CVE-2026-1144

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The...

CVE-2026-0822

A flaw was found in quickjs-ng. A remote attacker could exploit a heap-based buffer overflow vulnerability by manipulating the jstypedarraysort function in quickjs.c. This could lead to information disclosure, denial of service, or potentially arbitrary code execution. An exploit for this...

CVE-2026-0821

A flaw was found in quickjs-ng. A remote attacker can exploit a heap-based buffer overflow vulnerability in the jstypedarrayconstructor function of the quickjs.c file by executing a specially crafted manipulation. This vulnerability may lead to information disclosure, denial of service, or...

CVE-2026-0822

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function jstypedarraysort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The...

CVE-2026-0822

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function jstypedarraysort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The...

CVE-2026-0821

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function jstypedarrayconstructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed a...

CVE-2026-0821 quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function jstypedarrayconstructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed a...

CVE-2026-0821 quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function jstypedarrayconstructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed a...

CVE-2026-0821

The CVE-2026-0821 issue affects quickjs-ng/quickjs up to 0.11.0, specifically the js_typed_array_constructor in quickjs.c. The vulnerability enables a heap-based buffer overflow and can be exploited remotely. A publicly disclosed exploit exists. A patch is available (hash: c5d80831e51e48a83eab16e...

CVE-2026-0821

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function jstypedarrayconstructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed a...

PT-2026-2028

Name of the Vulnerable Software and Affected Versions quickjs-ng versions up to 0.11.0 Description A flaw exists in quickjs-ng quickjs that could lead to a heap-based buffer overflow. This issue is located in the js typed array sort function within the quickjs.c file. Remote exploitation is...

PT-2026-2027

Name of the Vulnerable Software and Affected Versions quickjs-ng versions up to 0.11.0 Description A flaw exists in quickjs-ng up to version 0.11.0 due to a heap-based buffer overflow in the js typed array constructor function within the quickjs.c file. This issue can be triggered remotely throug...

Linux Distros Unpatched Vulnerability : CVE-2025-46688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is...

DEBIAN-CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

DEBIAN-CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...