OSV-2025-1016

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2025-1016.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-1016
Published
2025-12-24T00:15:30.844439Z
Modified
2026-03-24T14:27:33.512734Z
Summary
Use-of-uninitialized-value in js_create_function
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=471075808

Crash type: Use-of-uninitialized-value
Crash state:
js_create_function
__JS_EvalInternal
JS_EvalObject
References

Affected packages

OSS-Fuzz / quickjs

Package

Name
quickjs
Purl
pkg:generic/quickjs

Affected ranges

Type
GIT
Repo
https://github.com/bellard/quickjs
Events
Introduced
24379bf53c30b35151f345318d850bac49219288
Fixed
d7ae12ae71dfd6ab2997527d295014a8996fa0f9

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

introduced_range 
"b22685617750e51d95f643d8eb1382dd09dd3bf1:e5fd3918c1c4a2ee39016e71b66a9eeda85ce716"
fixed_range 
"a31dcef98c7d1d8927871ac169a1c24ad8875046:d7ae12ae71dfd6ab2997527d295014a8996fa0f9"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2025-1016.yaml"