CVE-2023-40889

CRITICAL

ZBar 0.23.90 - Heap-Based Buffer Overflow in QR Code Reader

Title source: llm

Description

A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. A specially crafted QR code can lead to information disclosure and/or arbitrary code execution. To trigger the vulnerability, an attacker can supply the malicious QR code as an image to any application that decodes it with the vulnerable library, or print it and present it to a device that physically scans it.
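The entry names only the function and the weakness class (CWE-787, out-of-bounds write on the heap), so the following is an added illustration of that bug class, not ZBar's code and not the actual defect in qr_reader_match_centers. It assumes a hypothetical matching routine: a decoder has located n candidate finder-pattern centers and pairs up those that lie close together. The number of pairs is bounded by n*(n-1)/2, not by n, so a heap buffer sized by n overflows as soon as enough centers cluster. The checked variant takes the buffer capacity as a parameter, never writes past it, and reports how many slots were actually needed. The four-center input is constructed for the example.

```c
/* Added example, not ZBar's code: the CWE-787 pattern behind a
 * "heap-based buffer overflow in a matching routine", reduced to a toy.
 * A decoder finds n candidate centers, then pairs up those that are close.
 * The number of pairs is NOT bounded by n, so sizing output by n is the bug. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int x, y; } center_t;   /* hypothetical: a located center */
typedef struct { int a, b; } match_t;    /* hypothetical: indices of a pair */

/* Two centers "match" if they are within max_dist of each other on both axes. */
static int centers_match(const center_t *p, const center_t *q, int max_dist) {
    int dx = abs(p->x - q->x), dy = abs(p->y - q->y);
    return dx <= max_dist && dy <= max_dist;
}

/* Upper bound on matches for n centers: the correct allocation size. */
size_t max_matches(int n) { return n < 2 ? 0 : (size_t)n * (size_t)(n - 1) / 2; }

/* VULNERABLE shape: the heap buffer holds n entries, but up to n*(n-1)/2
 * matches can be written. Four mutually close centers produce 6 matches
 * into a 4-slot buffer. Kept only for contrast; never call it on untrusted
 * input. */
match_t *match_centers_unchecked(const center_t *c, int n, int max_dist, int *nmatches) {
    match_t *out = malloc((size_t)n * sizeof(*out));
    if (!out) return NULL;
    int k = 0;
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            if (centers_match(&c[i], &c[j], max_dist))
                out[k++] = (match_t){i, j};   /* may write past out[n-1] */
    *nmatches = k;
    return out;
}

/* HARDENED: the caller passes the buffer and its capacity. Every write is
 * bounds-checked; an overflow is reported, not performed. Returns the number
 * of matches stored, or -1 if the buffer is too small. *needed always
 * receives the total number of matches found, so the caller can resize. */
int match_centers_checked(const center_t *c, int n, int max_dist,
                          match_t *out, int cap, int *needed) {
    int k = 0, total = 0;
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            if (centers_match(&c[i], &c[j], max_dist)) {
                total++;
                if (k < cap) out[k++] = (match_t){i, j};
            }
    *needed = total;
    return total <= cap ? k : -1;
}

/* Constructed input: four centers clustered within 5 px of each other,
 * which yields 6 pairs. These helpers run the checked routine with a
 * caller-chosen capacity so the result can be inspected directly. */
static const center_t demo_centers[4] = {{10, 10}, {12, 11}, {11, 14}, {13, 13}};

int demo_rc_with_cap(int cap) {       /* return code of the checked routine */
    match_t buf[16];
    int needed = 0;
    return match_centers_checked(demo_centers, 4, 5, buf, cap, &needed);
}

int demo_needed_with_cap(int cap) {   /* slots the input actually needs */
    match_t buf[16];
    int needed = 0;
    (void)match_centers_checked(demo_centers, 4, 5, buf, cap, &needed);
    return needed;
}

int main(void) {
    /* Sizing by n (4) is rejected; sizing by max_matches(4) (6) succeeds. */
    printf("cap=4: rc=%d needed=%d\n", demo_rc_with_cap(4), demo_needed_with_cap(4));
    printf("cap=%zu: rc=%d\n", max_matches(4), demo_rc_with_cap((int)max_matches(4)));
    return 0;
}
```

The practitioner's takeaway is the shape of the fix rather than the toy itself: when a count derived from untrusted image content drives writes into a heap buffer, the buffer must be sized by the true upper bound of that count (or the loop must carry the capacity and refuse to exceed it), and the caller must check the return value. The unchecked version compiles and behaves normally on small inputs, which is exactly why this class of bug survives testing with benign QR codes.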

Scores

CVSS v3.1 base score 9.8 (Critical)
EPSS 0.0154
EPSS Percentile 71.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
pypi/zbar (PyPI)
zbar_project/zbar 0.23.90
Published Aug 29, 2023
Tracked Since Feb 18, 2026