DEBIAN-CVE-2023-40890

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2023-40890
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-40890.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-40890
Upstream
Published
2023-08-29T17:15:12Z
Modified
2025-09-19T07:33:26.190524Z
Summary
[none]
Details

A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

References

Affected packages

Debian:11 / zbar

Package

Name
zbar
Purl
pkg:deb/debian/zbar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.90-1+deb11u1

Affected versions

0.*

0.23.90-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / zbar

Package

Name
zbar
Purl
pkg:deb/debian/zbar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.92-7+deb12u1

Affected versions

0.*

0.23.92-7

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / zbar

Package

Name
zbar
Purl
pkg:deb/debian/zbar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.92-9

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / zbar

Package

Name
zbar
Purl
pkg:deb/debian/zbar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.92-9

Ecosystem specific 

{
    "urgency": "not yet assigned"
}