Im-Razvan

**Name of the Vulnerable Software and Affected Versions** quickjs-ng quickjs versions through 0.12.1 **Description** An issue exists in quickjs-ng quickjs up to version 0.12.1, specifically within the `js iterator concat return` function located in the `quickjs.c` file. This manipulation leads to a use-after-free condition. Exploitation requires local access. The exploit has been published and is potentially available for use. The vulnerable function is `js iterator concat return`. **Recommendations** quickjs-ng quickjs versions through 0.12.1: Apply the patch daab4ad4bae4ef071ed0294618d6244e92def4cd to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** QuickJS versions prior to eb2c89087def1829ed99630cb14b549d7a98408c **Description** A flaw exists in QuickJS that allows for a buffer over-read. This issue is related to the `js array buffer slice` function within the `quickjs.c` file. Exploitation is limited to local execution. The exploit code has been publicly released. **Recommendations** Deploy patch c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea.