Primary

Context

mquickjs Denial-of-Service Vulnerability in get_mblock_size Function

Vulnerability

A denial-of-service vulnerability has been identified in mquickjs versions prior to the January 15, 2026 commit 74b7e. This issue allows a local attacker to cause a segmentation fault by sending a crafted file to the get_mblock_size function in mquickjs.c.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a crash of the mquickjs program.

Reproduction

The vulnerability can be reproduced by compiling mquickjs with the x86_32 architecture flag, then running the program with a file that contains an empty string followed by a parenthetical expression, such as '(123)'. This combination triggers the segmentation fault by causing a read memory access violation.

Remediation

Users can update to the latest version of mquickjs, as this vulnerability has been fixed in the January 15, 2026 commit.

Added: Feb 10, 2026, 4:24 PM

Updated: Feb 11, 2026, 12:44 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.5

remediation

0.0

relevance

2.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.5

remediation

0.0

relevance

2.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

mquickjs Denial-of-Service Vulnerability in get_mblock_size Function

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating