OSV-2025-404

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2025-404.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2025-404

Published

2025-05-23T00:14:00.218149Z

Modified

2025-05-23T00:14:00.218494Z

Summary

Use-of-uninitialized-value in JS_FreeRuntime

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=419346940

Crash type: Use-of-uninitialized-value
Crash state:
JS_FreeRuntime
fuzz_eval.c
async_func_init

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=419346940

Affected packages

OSS-Fuzz / quickjs

Package

Name: quickjs
Purl: pkg:generic/quickjs

Affected ranges

Type: GIT
Repo: https://github.com/bellard/quickjs
Events: Introduced

2f167bbeeb7dbe69b2306332a8c708cd99d9fde0

Fixed

bb986e55ff563ea9791d1a98450c3ca57e88366c

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "introduced_range": "9bce51eefdbf38d44aa02cf34af81aafb7b7db33:f10ef299a6ab4c36c4162cc5840f128f74ec197c",
    "fixed_range": "f10ef299a6ab4c36c4162cc5840f128f74ec197c:bb986e55ff563ea9791d1a98450c3ca57e88366c"
}