Description

A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interpreter using the `-m` option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime (list_empty(&rt->gc_obj_list)) during runtime cleanup. Although the engine reports an OOM error, it subsequently aborts with SIGABRT because the GC object list is not fully released. This results in a denial of service.

INFO

Published Date :

2026-03-06T00:00:00.000Z

Last Modified :

2026-03-12T18:39:37.202Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69654 vulnerability.

Vendors Products
Bellard
  • Quickjs
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69654.

URL Resource
https://github.com/bellard/quickjs/issues/468 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact