DEBIAN-CVE-2025-62490
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-62490
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-62490.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-62490
- Upstream
- Published
- 2025-10-16T16:15:39.270Z
- Modified
- 2025-11-20T10:18:27.013846Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In quickjs, in jsprintobject, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during jsprintvalue, during which the array could get resized and len1 become out of bounds. This results in a use-after-free.A second instance occurs in the same function during printing of a map or set objects. The code iterates over ms->records list, but once again, elements could be removed from the list during jsprintvalue call.
- References
Affected packages
Debian:13 / quickjs
Package
- Name
- quickjs
- Purl
- pkg:deb/debian/quickjs?arch=source
Debian:14 / quickjs
Package
- Name
- quickjs
- Purl
- pkg:deb/debian/quickjs?arch=source