Quickjs Project: Security Vulnerabilities
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
CVSS Score
5.6
EPSS Score
0.0
Published
2025-04-27
QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-12
Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release.
CVSS Score
7.5
EPSS Score
0.007
Published
2021-07-13