CVE-2025-62490— Use-after-free in js_print_object in QuickJS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-62490
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use-after-free in js_print_object in QuickJS
Source: NVD (National Vulnerability Database)
Vulnerability Description
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get resized and len1 become out of bounds. This results in a use-after-free.A second instance occurs in the same function during printing of a map or set objects. The code iterates over ms->records list, but once again, elements could be removed from the list during js_print_value call.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
QuickJS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
QuickJS是QuickJS开源的一个小型且可嵌入的 Javascript 引擎。 QuickJS存在安全漏洞,该漏洞源于js_print_object函数在打印数组和集合对象时未正确处理回调期间的数组大小变化,可能导致释放后重用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-62490
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-62490
请登录查看更多情报信息。
Same Patch Batch · QuickJS · 2025-10-16 · 7 CVEs total
| CVE-2025-62492 | Heap out-of-bounds read in js_typed_array_indexOf in QuickJS | |
| CVE-2025-62493 | Heap out-of-bounds read in js_bigint_to_string1 in QuickJS | |
| CVE-2025-62494 | Type confusion in string addition in QuickJS | |
| CVE-2025-62495 | Type confusion in string addition in QuickJS | |
| CVE-2025-62491 | Use-after-free in js_std_promise_rejection_check in QuickJS | |
| CVE-2025-62496 | Integer overflow in js_bigint_from_string in QuickJS |
IV. Related Vulnerabilities
Same product: QuickJS
- CVE-2026-3979
quickjs-ng quickjs quickjs.c js_iterator_concat_return use a - CVE-2026-1145
quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta h - CVE-2026-1144
quickjs-ng quickjs Atomics Ops quickjs.c use after free - CVE-2026-0822
quickjs-ng quickjs quickjs.c js_typed_array_sort heap-based - CVE-2026-0821
quickjs-ng quickjs quickjs.c js_typed_array_constructor heap
Same vendor: QuickJS
- CVE-2025-62496
Integer overflow in js_bigint_from_string in QuickJS - CVE-2025-62495
Type confusion in string addition in QuickJS - CVE-2025-62494
Type confusion in string addition in QuickJS - CVE-2025-62493
Heap out-of-bounds read in js_bigint_to_string1 in QuickJS - CVE-2025-62492
Heap out-of-bounds read in js_typed_array_indexOf in QuickJS
V. Comments for CVE-2025-62490
No comments yet