A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.
History
18 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 Dec 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
07 Nov 2023, 04:20
Type | Values Removed | Values Added |
---|---|---|
References | | |
31 Aug 2023, 18:35
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://hackmd.io/@cspl/H1PxPAUnn - Exploit, Third Party Advisory | |
CWE | CWE-787 | |
CPE | cpe:2.3:a:zbar_project:zbar:0.23.90:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 9.8 |
First Time | Zbar Project zbar, Zbar Project |
29 Aug 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-29 17:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-40890
Mitre link : CVE-2023-40890
CVE.ORG link : CVE-2023-40890
Products Affected
zbar_project
- zbar
CWE
CWE-787
Out-of-bounds Write