Description
ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/zint/tickets/218/
Vendor Advisory x_refsource_misc
http://zint.org.uk/Manual.aspx?type=p&page=3
Vendor Advisory x_refsource_misc
http://zint.org.uk/Manual.aspx?type=p&page=4
Vendor Advisory x_refsource_misc
http://zint.org.uk/Manual.aspx?type=p&page=5
Patch, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
Scores
CVSS v3
7.5
EPSS
0.0237
EPSS Percentile
81.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (1)
zint/barcode_generator
2.9.1
Published
Feb 26, 2021
Tracked Since
Feb 18, 2026