CVE-2023-40889
Debian Security Advisory 5614-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.
It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-08-22 CVE Reserved
- 2023-08-29 CVE Published
- 2024-08-02 CVE Updated
- 2025-02-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://hackmd.io/%40cspl/B1ZkFZv23 | ||
| https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zbar Project Search vendor "Zbar Project" | Zbar Search vendor "Zbar Project" for product "Zbar" | 0.23.90 Search vendor "Zbar Project" for product "Zbar" and version "0.23.90" | - |
Affected
| ||||||