OSV-2025-524

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2025-524.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-524
Published
2025-07-05T00:19:21.758513Z
Modified
2025-07-05T00:19:21.758880Z
Summary
Heap-buffer-overflow in JS_CallInternal
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=429330008

Crash type: Heap-buffer-overflow READ 1
Crash state:
JS_CallInternal
async_func_resume
js_async_function_resume
References

Affected packages

OSS-Fuzz / quickjs

Package

Name
quickjs
Purl
pkg:generic/quickjs

Affected ranges

Type
GIT
Repo
https://github.com/bellard/quickjs
Events

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

introduced_range
"4d9a27c578d20fc22f0f1a51ff3bfaf47798f30e:458c34d29d0d262f824ea1c0e01aa0e3790669da"
source
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2025-524.yaml"