OSV-2025-846

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2025-846.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-846
Published
2025-10-20T00:03:40.943765Z
Modified
2025-10-20T00:03:40.944363Z
Summary
Use-of-uninitialized-value in js_create_function
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=453198741

Crash type: Use-of-uninitialized-value
Crash state:
js_create_function
__JS_EvalInternal
JS_EvalObject
References

Affected packages

OSS-Fuzz / quickjs

Package

Name
quickjs
Purl
pkg:generic/quickjs

Affected ranges

Type
GIT
Repo
https://github.com/bellard/quickjs
Events
Introduced
42eb2795f0daec0adddb0392823a27a64b676169
Fixed
080c01f34696351d21f34f99081e93adb41ae74a

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

introduced_range

"7a488f3e0c1c03699c069bc04f5ce5f1c7f3414a:eb9fa2b8dac0c7a431ef5255fb55943da78d2f3a"

fixed_range

"eb2c89087def1829ed99630cb14b549d7a98408c:080c01f34696351d21f34f99081e93adb41ae74a"