Vulnerability Description
A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zbar Project | Zbar | 0.23.90 |
Related Weaknesses (CWE)
References
- https://hackmd.io/%40cspl/H1PxPAUnn
- https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://hackmd.io/%40cspl/H1PxPAUnn
- https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/[email protected]
FAQ
What is CVE-2023-40890?
CVE-2023-40890 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To tr...
How severe is CVE-2023-40890?
CVE-2023-40890 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-40890?
Check the references section above for vendor advisories and patch information. Affected products include: Zbar Project Zbar.