{"id":"CVE-2025-46688","details":"quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.","modified":"2026-02-15T07:52:15.744726Z","published":"2025-04-27T20:15:15.877Z","references":[{"type":"WEB","url":"https://bellard.org/quickjs/Changelog"},{"type":"ADVISORY","url":"https://github.com/bellard/quickjs/issues/399"},{"type":"ADVISORY","url":"https://github.com/quickjs-ng/quickjs/issues/1018"},{"type":"FIX","url":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a"},{"type":"FIX","url":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465"},{"type":"FIX","url":"https://github.com/quickjs-ng/quickjs/pull/1020"},{"type":"EVIDENCE","url":"https://github.com/bellard/quickjs/issues/399"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bellard/quickjs","events":[{"introduced":"0"},{"fixed":"1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-46688.json","vanir_signatures":[{"id":"CVE-2025-46688-044409f0","target":{"function":"JS_ReadString","file":"quickjs.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a","digest":{"function_hash":"142692094675163766248626593700788711688","length":811},"signature_type":"Function"},{"id":"CVE-2025-46688-1a1ff5f3","target":{"function":"JS_ReadBigInt","file":"quickjs.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a","digest":{"function_hash":"336496557054134187046122969882429829436","length":1132},"signature_type":"Function"},{"id":"CVE-2025-46688-a60cba44","target":{"file":"quickjs.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a","digest":{"line_hashes":["332843701671949011927925472935012798470","2839624452217712103974220836174867049","288151278143669609929298465611219788168","188454192332916566193707748698446093391","79438405961513643496536004750457880999","325719805685408242905203207394663183541","197282144242275764245491051908965424488","320908443830838053491245422122902773636","63727860886987091610230413880950274479"],"threshold":0.9},"signature_type":"Line"}]}},{"ranges":[{"type":"GIT","repo":"https://github.com/quickjs-ng/quickjs","events":[{"introduced":"0"},{"fixed":"28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465"}]}],"versions":["v0.1.0","v0.2.0","v0.3.0","v0.4.0","v0.4.1","v0.5.0","v0.6.0","v0.6.1","v0.7.0","v0.8.0","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-46688.json","vanir_signatures":[{"id":"CVE-2025-46688-21a8c8c7","target":{"function":"JS_ReadString","file":"quickjs.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465","digest":{"function_hash":"270962480617078350710858187892553615935","length":930},"signature_type":"Function"},{"id":"CVE-2025-46688-422349d2","target":{"function":"JS_ReadBigInt","file":"quickjs.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465","digest":{"function_hash":"257371793794463417891731969341144570958","length":1045},"signature_type":"Function"},{"id":"CVE-2025-46688-5c4385fc","target":{"file":"quickjs.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465","digest":{"line_hashes":["332843701671949011927925472935012798470","2839624452217712103974220836174867049","288151278143669609929298465611219788168","188454192332916566193707748698446093391","79438405961513643496536004750457880999","325719805685408242905203207394663183541","197282144242275764245491051908965424488","320908443830838053491245422122902773636","63727860886987091610230413880950274479"],"threshold":0.9},"signature_type":"Line"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}