CVE-2025-46687

Published April 27th, 2025

View on NVD ↗

CVSS v3

5.6

MEDIUM

CVSS v2

N/A

Affected

PROJECTS

Description

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

bellard/quickjs

Public repository of the QuickJS Javascript Engine.

GitHub

10.7K

quickjs-ng/quickjs

QuickJS, the Next Generation: a mighty JavaScript engine

GitHub

3.18K