CNNVD-202511-380 Information

CNNVD ID

CNNVD-202511-380

Related CVE

CVE-2025-12745

• CNNVD Published: 2025-11-05

Description (Chinese)

QuickJS是QuickJS开源的一个小型且可嵌入的 Javascript 引擎。 QuickJS存在安全漏洞，该漏洞源于文件quickjs.c中函数js_array_buffer_slice存在缓冲区过度读取，可能导致本地执行攻击。

Description (English)

QuickJS is a small, embedded Javascript engine for QuickJS open source. There is a security loophole in QuickJS, which stems from the overreading of the buffer zone in the quickjs.c function js array buffer slice, which may lead to local attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

QuickJS

Published

2025-11-05

Last Modified

2026-02-24

References

https://vuldb.com/?submit.678850 https://github.com/bellard/quickjs/issues/451#issuecomment-3481807558 https://github.com/bellard/quickjs/commit/c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea https://vuldb.com/?ctiid.331268 https://github.com/bellard/quickjs/issues/451#issue-3533698042 https://vuldb.com/?id.331268 https://access.redhat.com/security/cve/cve-2025-12745