CNNVD-202510-2345 Information

CNNVD ID

CNNVD-202510-2345

Related CVE

CVE-2025-62492

• CNNVD Published: 2025-10-16

Description (Chinese)

QuickJS是QuickJS开源的一个小型且可嵌入的 Javascript 引擎。 QuickJS存在安全漏洞，该漏洞源于TypedArray.prototype.indexOf函数在处理负fromIndex参数时存在浮点运算精度错误，可能导致越界读取和信息泄露。

Description (English)

QuickJS is a small, embedded Javascript engine for QuickJS open source. QuickJS has a security loophole, which stems from the error of the TypedArray.prototype.indexof function in floating-point accuracy when dealing with negative fromIndex parameters, which may lead to cross-border reading and information leakage.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

QuickJS

Published

2025-10-16

Last Modified

2026-02-24

References

https://bellard.org/quickjs/Changelog https://issuetracker.google.com/434194797