OSV-2026-764

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2026-764.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-764
Published
2026-05-18T00:08:58.747302Z
Modified
2026-05-18T00:08:58.747613Z
Summary
Heap-use-after-free in JS_DefineProperty
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513811188

Crash type: Heap-use-after-free READ 8
Crash state:
JS_DefineProperty
build_backtrace
JS_CallInternal
References

Affected packages

OSS-Fuzz / quickjs

Package

Name
quickjs
Purl
pkg:generic/quickjs

Affected ranges

Type
GIT
Repo
https://github.com/bellard/quickjs
Events
Introduced
d7ae12ae71dfd6ab2997527d295014a8996fa0f9
Fixed
d73189dd5a582c19c565774bd56fed4e72d33c99

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific

fixed_range 
"e182e3df5c51017a7faa97a654b3f2b9c6330448:d73189dd5a582c19c565774bd56fed4e72d33c99"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2026-764.yaml"