UBUNTU-CVE-2023-40890

Source
https://ubuntu.com/security/CVE-2023-40890
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-40890.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-40890
Related
Published
2023-08-29T17:15:00Z
Modified
2024-11-21T16:31:31Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

References

Affected packages

Ubuntu:20.04:LTS / zbar

Package

Name
zbar
Purl
pkg:deb/ubuntu/zbar?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23-1.1
0.23-1.2
0.23-1.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / zbar

Package

Name
zbar
Purl
pkg:deb/ubuntu/zbar?arch=src?distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23-1.3ubuntu0.1~esm1

Affected versions

0.*

0.23-1.1
0.23-1.2
0.23-1.3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libbarcode-zbar-perl"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libbarcode-zbar-perl-dbgsym"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libzbar-dev"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libzbar0"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libzbar0-dbgsym"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libzbargtk-dev"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libzbargtk0"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libzbargtk0-dbgsym"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libzbarqt-dev"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libzbarqt0"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "libzbarqt0-dbgsym"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "python3-zbar"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "python3-zbar-dbgsym"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "zbar-tools"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "zbar-tools-dbgsym"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "zbarcam-gtk"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "zbarcam-gtk-dbgsym"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "zbarcam-qt"
        },
        {
            "binary_version": "0.23-1.3ubuntu0.1~esm1",
            "binary_name": "zbarcam-qt-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / zbar

Package

Name
zbar
Purl
pkg:deb/ubuntu/zbar?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23.90-1
0.23.92-4
0.23.92-4build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:22.04:LTS / zbar

Package

Name
zbar
Purl
pkg:deb/ubuntu/zbar?arch=src?distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.92-4ubuntu0.1~esm1

Affected versions

0.*

0.23.90-1
0.23.92-4
0.23.92-4build2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libbarcode-zbar-perl"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libbarcode-zbar-perl-dbgsym"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libzbar-dev"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libzbar0"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libzbar0-dbgsym"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libzbargtk-dev"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libzbargtk0"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libzbargtk0-dbgsym"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libzbarqt-dev"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libzbarqt0"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "libzbarqt0-dbgsym"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "python3-zbar"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "python3-zbar-dbgsym"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "zbar-tools"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "zbar-tools-dbgsym"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "zbarcam-gtk"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "zbarcam-gtk-dbgsym"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "zbarcam-qt"
        },
        {
            "binary_version": "0.23.92-4ubuntu0.1~esm1",
            "binary_name": "zbarcam-qt-dbgsym"
        }
    ]
}

Ubuntu:24.04:LTS / zbar

Package

Name
zbar
Purl
pkg:deb/ubuntu/zbar?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.92-9

Affected versions

0.*

0.23.92-8

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.23.92-9",
            "binary_name": "gir1.2-zbar-1.0"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libbarcode-zbar-perl"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libbarcode-zbar-perl-dbgsym"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libzbar-dev"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libzbar0"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libzbar0-dbgsym"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libzbargtk-dev"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libzbargtk0"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libzbargtk0-dbgsym"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libzbarqt-dev"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libzbarqt0"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "libzbarqt0-dbgsym"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "python3-zbar"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "python3-zbar-dbgsym"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "zbar-tools"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "zbar-tools-dbgsym"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "zbarcam-gtk"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "zbarcam-gtk-dbgsym"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "zbarcam-qt"
        },
        {
            "binary_version": "0.23.92-9",
            "binary_name": "zbarcam-qt-dbgsym"
        }
    ]
}