PT-2025-18014 · Unknown +1 · Quickjs-Ng +1

Name of the Vulnerable Software and Affected Versions: quickjs-ng versions 0.9.0 and earlier QuickJS versions prior to 2025-04-26 Description: The issue is related to an incorrect size calculation in JS ReadBigInt for a BigInt, leading to a heap-based buffer overflow. Recommendations: For...

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a lack of length checking in JSReadString, and may result in a heap buffer overflow...

CVE-2025-46688

CVE-2025-46688 affects quickjs-ng up to 0.9.0, with an incorrect size calculation in JS_ReadBigInt for a BigInt that leads to a heap-based buffer overflow. The vulnerability also affects QuickJS prior to 2025-04-26. Connected sources consistently describe the faulty size computation as the root c...

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a BigInt size miscalculation in JSReadBigInt, which could lead to a heap-based buffer overflow...

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

PT-2025-18013 · Unknown +1 · Quickjs-Ng +1

Name of the Vulnerable Software and Affected Versions: quickjs-ng versions 0.9.0 and earlier QuickJS versions prior to 2025-04-26 Description: The issue is related to a missing length check in JS ReadString for a string, which can lead to a heap-based buffer overflow. Recommendations: For...

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVE-2025-46687

CVE-2025-46687 affects quickjs-ng up to 0.9.0. A missing length check in JS_ReadString can cause a heap-based buffer overflow, impacting QuickJS builds before 2025-04-26. This vulnerability is echoed across multiple sources (NVD, OSV, Debian/Ubuntu advisories and Nessus context), confirming the i...

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

Ubuntu 24.04 LTS : QuickJS vulnerabilities (USN-7439-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7439-1 advisory. It was discovered that QuickJS could be forced to reference uninitialized memory in certain instances. An attacker could possibly use this issue to cause...

Ubuntu: Security Advisory (USN-7439-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7439-1: QuickJS vulnerabilities

It was discovered that QuickJS could be forced to reference uninitialized memory in certain instances. An attacker could possibly use this issue to cause QuickJS to crash, resulting in a denial of service, or execute arbitrary code. CVE-2023-48183 It was discovered that QuickJS incorrectly manage...

USN-7439-1 quickjs vulnerabilities

It was discovered that QuickJS could be forced to reference uninitialized memory in certain instances. An attacker could possibly use this issue to cause QuickJS to crash, resulting in a denial of service, or execute arbitrary code. CVE-2023-48183 It was discovered that QuickJS incorrectly manage...

CVE-2024-13903

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JSGetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely...

DEBIAN-CVE-2024-13903

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JSGetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely...