Vulnerability Description
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zbar Project | Zbar | 0.23.90 |
Related Weaknesses (CWE)
References
- https://hackmd.io/%40cspl/B1ZkFZv23
- https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://hackmd.io/%40cspl/B1ZkFZv23
- https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/[email protected]
FAQ
What is CVE-2023-40889?
CVE-2023-40889 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger t...
How severe is CVE-2023-40889?
CVE-2023-40889 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-40889?
Check the references section above for vendor advisories and patch information. Affected products include: Zbar Project Zbar.