CVE-2023-40890

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-40890
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-40890.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-40890
Related
Published
2023-08-29T17:15:12Z
Modified
2024-10-12T11:04:02.137919Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

References

Affected packages

Debian:11 / zbar

Package

Name
zbar
Purl
pkg:deb/debian/zbar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.90-1+deb11u1

Affected versions

0.*

0.23.90-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / zbar

Package

Name
zbar
Purl
pkg:deb/debian/zbar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.92-7+deb12u1

Affected versions

0.*

0.23.92-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / zbar

Package

Name
zbar
Purl
pkg:deb/debian/zbar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.92-9

Affected versions

0.*

0.23.92-7
0.23.92-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/mchehab/zbar

Affected ranges

Type
GIT
Repo
https://github.com/mchehab/zbar
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected