Quickjs Project: >> Quickjs >> 2022-03-06 Security Vulnerabilities
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
CVSS Score
5.6
EPSS Score
0.0
Published
2025-04-27
QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-12