2430790 – (CVE-2026-1145) CVE-2026-1145 quickjs-ng: quickjs-ng quickjs: Heap-based buffer overflow leading to information disclosure or denial of service

Bug 2430790 (CVE-2026-1145) - CVE-2026-1145 quickjs-ng: quickjs-ng quickjs: Heap-based buffer overflow leading to information disclosure or denial of service

Summary: CVE-2026-1145 quickjs-ng: quickjs-ng quickjs: Heap-based buffer overflow lead...

Keywords:
Status:	NEW
Alias:	CVE-2026-1145
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2430800 2430802 2430804 2430806 2430808
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-19 09:01 UTC by OSIDB Bzimport
Modified:	2026-01-19 10:18 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-19 09:01:15 UTC

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.

Note You need to log in before you can comment on or make changes to this bug.