Bellard
Products
3- 5 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-69654 | Hig | 0.49 | 7.5 | 0.00 | Mar 6, 2026 | A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interpreter using the `-m` option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in… | ||
| CVE-2025-69653 | Med | 0.42 | 6.5 | 0.00 | Mar 6, 2026 | A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. This leads… | ||
| CVE-2025-70347 | Med | 0.36 | 5.5 | 0.00 | Feb 10, 2026 | An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafted file to the get_mblock_size function at mquickjs.c. | ||
| CVE-2025-12745 | Med | 0.27 | 5.3 | 0.00 | Nov 5, 2025 | A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made… | ||
| CVE-2019-12495 | 0.00 | — | 0.01 | May 31, 2019 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches. | |||
| CVE-2019-9754 | 0.00 | — | 0.01 | Mar 13, 2019 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c. | |||
| CVE-2018-20374 | 0.00 | — | 0.01 | Dec 23, 2018 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c. | |||
| CVE-2018-20376 | 0.00 | — | 0.01 | Dec 23, 2018 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c. | |||
| CVE-2006-0635 | 0.00 | — | 0.00 | Feb 10, 2006 | Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. |
- risk 0.49cvss 7.5epss 0.00
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interpreter using the `-m` option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in…
- risk 0.42cvss 6.5epss 0.00
A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. This leads…
- risk 0.36cvss 5.5epss 0.00
An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafted file to the get_mblock_size function at mquickjs.c.
- risk 0.27cvss 5.3epss 0.00
A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made…
- CVE-2019-12495May 31, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches.
- CVE-2019-9754Mar 13, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c.
- CVE-2018-20374Dec 23, 2018risk 0.00cvss —epss 0.01
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c.
- CVE-2018-20376Dec 23, 2018risk 0.00cvss —epss 0.01
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c.
- CVE-2006-0635Feb 10, 2006risk 0.00cvss —epss 0.00
Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.