Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-40890

A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

Related bugs and status

CVE-2023-40890 (Candidate) is related to these bugs:

Bug #2039712: Two critical CVEs in zbar

Summary				In	Importance	Status
	2039712	Two critical CVEs in zbar		zbar (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: https://hackmd.io/@csp...
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2024-583e4098b9
FEDORA: FEDORA-2024-73d5220ed3