2430785 – (CVE-2026-1144) CVE-2026-1144 quickjs-ng: quickjs-ng: Use-after-free vulnerability in Atomics Ops Handler

Bug 2430785 (CVE-2026-1144) - CVE-2026-1144 quickjs-ng: quickjs-ng: Use-after-free vulnerability in Atomics Ops Handler

Summary: CVE-2026-1144 quickjs-ng: quickjs-ng: Use-after-free vulnerability in Atomics...

Keywords:
Status:	NEW
Alias:	CVE-2026-1144
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2430799 2430801 2430803 2430805 2430807
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-19 08:01 UTC by OSIDB Bzimport
Modified:	2026-01-19 10:17 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-19 08:01:17 UTC

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue.

Note You need to log in before you can comment on or make changes to this bug.