{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2025-11-03" } ] } ] }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea" } ], "repo": "https://github.com/bellard/quickjs", "type": "GIT" } ] } ], "details": "A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch.", "id": "CVE-2025-12745", "modified": "2026-04-01T23:09:53.502505645Z", "published": "2025-11-05T19:15:50.390Z", "references": [ { "type": "ADVISORY", "url": "https://vuldb.com/?id.331268" }, { "type": "REPORT", "url": "https://github.com/bellard/quickjs/issues/451" }, { "type": "REPORT", "url": "https://github.com/bellard/quickjs/issues/451#issue-3533698042" }, { "type": "REPORT", "url": "https://github.com/bellard/quickjs/issues/451#issuecomment-3481807558" }, { "type": "REPORT", "url": "https://vuldb.com/?ctiid.331268" }, { "type": "FIX", "url": "https://github.com/bellard/quickjs/commit/c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea" }, { "type": "EVIDENCE", "url": "https://vuldb.com/?submit.678850" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }