{"id":"CVE-2025-46688","details":"quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.","modified":"2026-04-12T15:59:38.534540Z","published":"2025-04-27T20:15:15.877Z","references":[{"type":"WEB","url":"https://bellard.org/quickjs/Changelog"},{"type":"ADVISORY","url":"https://github.com/quickjs-ng/quickjs/issues/1018"},{"type":"FIX","url":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a"},{"type":"FIX","url":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465"},{"type":"FIX","url":"https://github.com/quickjs-ng/quickjs/pull/1020"},{"type":"EVIDENCE","url":"https://github.com/bellard/quickjs/issues/399"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bellard/quickjs","events":[{"introduced":"0"},{"fixed":"1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a"}]},{"type":"GIT","repo":"https://github.com/quickjs-ng/quickjs","events":[{"introduced":"0"},{"last_affected":"670492dd342dace0bb7bd6fbfbde8f0bc5651224"},{"fixed":"28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.0"}]}}],"versions":["v0.1.0","v0.2.0","v0.3.0","v0.4.0","v0.4.1","v0.5.0","v0.6.0","v0.6.1","v0.7.0","v0.8.0","v0.9.0"],"database_specific":{"vanir_signatures_modified":"2026-04-12T15:59:38Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2025-04-26"}]}],"vanir_signatures":[{"signature_type":"Function","id":"CVE-2025-46688-044409f0","signature_version":"v1","deprecated":false,"target":{"function":"JS_ReadString","file":"quickjs.c"},"digest":{"function_hash":"142692094675163766248626593700788711688","length":811},"source":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a"},{"signature_type":"Function","id":"CVE-2025-46688-1a1ff5f3","signature_version":"v1","deprecated":false,"target":{"function":"JS_ReadBigInt","file":"quickjs.c"},"digest":{"function_hash":"336496557054134187046122969882429829436","length":1132},"source":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a"},{"signature_type":"Function","id":"CVE-2025-46688-21a8c8c7","signature_version":"v1","deprecated":false,"target":{"function":"JS_ReadString","file":"quickjs.c"},"digest":{"function_hash":"270962480617078350710858187892553615935","length":930},"source":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465"},{"signature_type":"Function","id":"CVE-2025-46688-422349d2","signature_version":"v1","deprecated":false,"target":{"function":"JS_ReadBigInt","file":"quickjs.c"},"digest":{"function_hash":"257371793794463417891731969341144570958","length":1045},"source":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465"},{"signature_type":"Line","id":"CVE-2025-46688-5c4385fc","signature_version":"v1","deprecated":false,"target":{"file":"quickjs.c"},"digest":{"line_hashes":["332843701671949011927925472935012798470","2839624452217712103974220836174867049","288151278143669609929298465611219788168","188454192332916566193707748698446093391","79438405961513643496536004750457880999","325719805685408242905203207394663183541","197282144242275764245491051908965424488","320908443830838053491245422122902773636","63727860886987091610230413880950274479"],"threshold":0.9},"source":"https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465"},{"signature_type":"Line","id":"CVE-2025-46688-a60cba44","signature_version":"v1","deprecated":false,"target":{"file":"quickjs.c"},"digest":{"line_hashes":["332843701671949011927925472935012798470","2839624452217712103974220836174867049","288151278143669609929298465611219788168","188454192332916566193707748698446093391","79438405961513643496536004750457880999","325719805685408242905203207394663183541","197282144242275764245491051908965424488","320908443830838053491245422122902773636","63727860886987091610230413880950274479"],"threshold":0.9},"source":"https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46688.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}