{"id":"CVE-2025-46687","details":"quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.","modified":"2026-04-12T15:59:38.809677Z","published":"2025-04-27T20:15:15.720Z","references":[{"type":"ADVISORY","url":"https://bellard.org/quickjs/Changelog"},{"type":"REPORT","url":"https://github.com/quickjs-ng/quickjs/issues/1018"},{"type":"REPORT","url":"https://github.com/bellard/quickjs/issues/399"},{"type":"FIX","url":"https://github.com/quickjs-ng/quickjs/pull/1020"},{"type":"FIX","url":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a"},{"type":"FIX","url":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bellard/quickjs","events":[{"introduced":"0"},{"fixed":"1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a"}]},{"type":"GIT","repo":"https://github.com/quickjs-ng/quickjs","events":[{"introduced":"0"},{"last_affected":"670492dd342dace0bb7bd6fbfbde8f0bc5651224"},{"fixed":"28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.0"}]}}],"versions":["v0.1.0","v0.2.0","v0.3.0","v0.4.0","v0.4.1","v0.5.0","v0.6.0","v0.6.1","v0.7.0","v0.8.0","v0.9.0"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"length":811,"function_hash":"142692094675163766248626593700788711688"},"signature_version":"v1","source":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a","deprecated":false,"id":"CVE-2025-46687-044409f0","target":{"file":"quickjs.c","function":"JS_ReadString"}},{"signature_type":"Function","digest":{"length":1132,"function_hash":"336496557054134187046122969882429829436"},"signature_version":"v1","source":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a","deprecated":false,"id":"CVE-2025-46687-1a1ff5f3","target":{"file":"quickjs.c","function":"JS_ReadBigInt"}},{"signature_type":"Function","digest":{"length":930,"function_hash":"270962480617078350710858187892553615935"},"signature_version":"v1","source":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465","deprecated":false,"id":"CVE-2025-46687-21a8c8c7","target":{"file":"quickjs.c","function":"JS_ReadString"}},{"signature_type":"Function","digest":{"length":1045,"function_hash":"257371793794463417891731969341144570958"},"signature_version":"v1","source":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465","deprecated":false,"id":"CVE-2025-46687-422349d2","target":{"file":"quickjs.c","function":"JS_ReadBigInt"}},{"signature_type":"Line","digest":{"line_hashes":["332843701671949011927925472935012798470","2839624452217712103974220836174867049","288151278143669609929298465611219788168","188454192332916566193707748698446093391","79438405961513643496536004750457880999","325719805685408242905203207394663183541","197282144242275764245491051908965424488","320908443830838053491245422122902773636","63727860886987091610230413880950274479"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465","deprecated":false,"id":"CVE-2025-46687-5c4385fc","target":{"file":"quickjs.c"}},{"signature_type":"Line","digest":{"line_hashes":["332843701671949011927925472935012798470","2839624452217712103974220836174867049","288151278143669609929298465611219788168","188454192332916566193707748698446093391","79438405961513643496536004750457880999","325719805685408242905203207394663183541","197282144242275764245491051908965424488","320908443830838053491245422122902773636","63727860886987091610230413880950274479"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a","deprecated":false,"id":"CVE-2025-46687-a60cba44","target":{"file":"quickjs.c"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2025-04-26"}]}],"vanir_signatures_modified":"2026-04-12T15:59:38Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46687.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}