
CVE-2023-40889

Published: 29/08/2023 Updated: 18/01/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

Vulnerable Product

zbar project zbar 0.23.90

Vendor Advisories

Debian Bug report logs - #1051724: zbar: CVE-2023-40889 CVE-2023-40890. Package: src:zbar; Maintainer for src:zbar is Boyuan Yang <byang@debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 11 Sep 2023 19:18:01 UTC; Severity: important; Tags: security, upstream ...
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner (CVE-2023- ...