Search CVE reports
1 – 6 of 6 results
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
1 affected package
quickjs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
quickjs | Needs evaluation | Not in release | Not in release | — |
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
1 affected package
quickjs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
quickjs | Needs evaluation | Not in release | Not in release | — |
Some fixes available 1 of 2
QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.
1 affected package
quickjs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
quickjs | Fixed | Not in release | Not in release | — |
A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to...
1 affected package
quickjs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
quickjs | Not affected | Not in release | Not in release | — |
Some fixes available 1 of 2
QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.
1 affected package
quickjs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
quickjs | Fixed | Not in release | Not in release | — |
Some fixes available 1 of 2
QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of “this” with eval.
1 affected package
quickjs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
quickjs | Fixed | Not in release | Not in release | — |