CVE-2025-62490

Name of the Vulnerable Software and Affected Versions quickjs (affected versions not specified)

Description The software contains a flaw where side effects during object printing can lead to use-after-free conditions. Specifically, when printing arrays, the code retrieves the array length and then iterates. However, an attacker-defined callback could modify the array during the printing process, causing the iteration to access memory outside the array bounds. A similar issue exists when printing map or set objects, where elements can be removed from the underlying data structure during the printing process, leading to invalid memory access. The issue occurs because printing a value is not side-effect free, and callbacks can alter data structures while they are being processed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.