QuickJS Buffer Over-Read Vulnerability in ArrayBuffer.prototype.slice Function

Vulnerability

A heap buffer over-read has been identified in QuickJS versions prior to commit eb2c89087def1829ed99630cb14b549d7a98408c. The issue is in the ArrayBuffer.prototype.slice() method and affects resizable ArrayBuffers. It allows a buffer over-read, where the program reads data beyond the allocated memory, potentially leading to information disclosure. The root cause is a time-of-check/time-of-use (TOCTOU) condition: the source buffer's length is checked at the start of the slice, user code is then able to resize the buffer while the slice is still in progress, and the copy proceeds with the stale length, producing an out-of-bounds read of over 400 bytes.

Impact

Triggering this vulnerability produces a heap-buffer-overflow report from AddressSanitizer: a read of size 500 bytes starting at an address 400 bytes beyond the end of the allocated buffer.

Reproduction

The vulnerability can be reproduced by creating a resizable ArrayBuffer and defining a custom species constructor (Symbol.species) that resizes the buffer when it is invoked. Because slice() calls the species constructor after it has already computed the byte count from the original length, calling slice() on the buffer triggers the heap-buffer-overflow.
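To make the time-of-check/time-of-use pattern concrete, here is an added C model of the slice logic (not QuickJS's own code): the byte count computed before the species hook runs is only used to size the output, and the count actually copied is re-derived from the buffer's current length after the hook returns, which is what the ECMAScript slice algorithm requires. The buffer struct, the hook type and the 100-byte sizes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a resizable ArrayBuffer; data == NULL means detached. */
typedef struct { uint8_t *data; size_t len; } ab_t;

/* Model of the species-constructor hook: user code that runs mid-slice and
 * may shrink or detach the source buffer. */
typedef void (*species_fn)(ab_t *src);

/* What the unfixed logic copies: the byte count derived from the length
 * observed BEFORE the hook runs, regardless of what the hook did. */
size_t stale_count(size_t first, size_t end, size_t len_at_check)
{
    if (first > len_at_check) first = len_at_check;
    if (end > len_at_check) end = len_at_check;
    return end > first ? end - first : 0;
}

/* Hardened slice: returns bytes copied, or -1 if the hook detached the source
 * or the output is too small. The copy length is re-derived after the hook. */
long ab_slice(ab_t *src, size_t first, size_t end, species_fn hook,
              uint8_t *out, size_t out_cap)
{
    if (first > src->len) first = src->len;
    size_t new_len = stale_count(first, end, src->len);   /* time of check */
    if (new_len > out_cap) return -1;

    hook(src);                                            /* user code runs */

    if (src->data == NULL) return -1;                     /* detached */
    size_t cur = src->len;                                /* time of use */
    size_t count = 0;
    if (first < cur)
        count = new_len < cur - first ? new_len : cur - first;
    if (count) memcpy(out, src->data + first, count);
    return (long)count;
}

/* Hooks modelling the advisory's scenario: shrink or detach during slice. */
void shrink_to_ten(ab_t *s) { s->len = 10; }
void detach_buffer(ab_t *s) { free(s->data); s->data = NULL; s->len = 0; }

/* 100-byte source, slice(0, 100), with the given hook firing mid-slice. */
long demo(species_fn hook)
{
    ab_t src = { malloc(100), 100 };
    uint8_t out[100];
    if (!src.data) return -1;
    memset(src.data, 0xAB, 100);
    long n = ab_slice(&src, 0, 100, hook, out, sizeof out);
    free(src.data);
    return n;
}
```

With the stale count (100) the copy would run 90 bytes past the shrunk buffer; the re-check copies only the 10 bytes that still exist and refuses to copy at all once the buffer is detached.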

Remediation

Users are advised to update to the latest version of QuickJS, where this vulnerability has been patched.

Added: Nov 5, 2025, 7:26 PM
Updated: Nov 5, 2025, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread          4.2
impact          0.6
exploitability  5.6
remediation     7.7
relevance       0.9
threat          6.4
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.