Filtered by vendor Bellard
Subscriptions
Filtered by product Quickjs
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69653 | 1 Bellard | 1 Quickjs | 2026-03-09 | N/A |
| A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. This leads to an abort (SIGABRT) during garbage collection and causes a denial-of-service. | ||||
| CVE-2025-69654 | 1 Bellard | 1 Quickjs | 2026-03-09 | N/A |
| A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interpreter using the `-m` option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime (list_empty(&rt->gc_obj_list)) during runtime cleanup. Although the engine reports an OOM error, it subsequently aborts with SIGABRT because the GC object list is not fully released. This results in a denial of service. | ||||
| CVE-2025-46687 | 3 Bellard, Quickjs-ng, Quickjs Project | 3 Quickjs, Quickjs, Quickjs | 2026-01-14 | 5.6 Medium |
| quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. | ||||
| CVE-2025-12745 | 2 Bellard, Quickjs-ng | 2 Quickjs, Quickjs | 2026-01-08 | 5.3 Medium |
| A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2024-33263 | 2 Bellard, Ubuntu | 2 Quickjs, Ubuntu | 2025-09-22 | 4 Medium |
| QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c. | ||||
Page 1 of 1.