OSV-2025-959

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2025-959.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-959
Published
2025-11-29T00:18:54.036831Z
Modified
2025-11-29T00:18:54.037236Z
Summary
Heap-buffer-overflow in re_parse_term
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=464349132

Crash type: Heap-buffer-overflow READ 2
Crash state:
re_parse_term
re_parse_disjunction
re_parse_term
References

Affected packages

OSS-Fuzz / quickjs

Package

Name
quickjs
Purl
pkg:generic/quickjs

Affected ranges

Type
GIT
Repo
https://github.com/bellard/quickjs
Events
Introduced
7ab23413b849692350fadf0578d31498cb0043a3
Fixed
b22685617750e51d95f643d8eb1382dd09dd3bf1

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

fixed_range

"a77400796df93195e431216efa6e5344f40d08fe:b22685617750e51d95f643d8eb1382dd09dd3bf1"

introduced_range

"fcbf5ea2a63510f35f9ab2baadd59781be16a167:a77400796df93195e431216efa6e5344f40d08fe"

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2025-959.yaml"