Lucene search

K

GoogleOSV:GHSA-MHP6-JVPX-2P4M

HistoryAug 29, 2023 - 6:31 p.m.

Heap-based buffer overflow in ZBar

2023-08-2918:31:53

Google

osv.dev

14

heap-based

buffer overflow

zbar

qr code

vulnerability

information disclosure

arbitrary code execution

attacker

scanner

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

45.5%

A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

CPENameOperatorVersion
zbareq0.10

References

github.com/mchehab/zbar

hackmd.io/@cspl/B1ZkFZv23

lists.debian.org/debian-lts-announce/2023/12/msg00001.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665

nvd.nist.gov/vuln/detail/CVE-2023-40889

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

45.5%

Related for OSV:GHSA-MHP6-JVPX-2P4M

alpinelinux1 prion1 cvelist1 nvd1 ubuntucve1 osv3 veracode1 cve1 github1 debiancve1 nessus5 openvas4 debian2 fedora2 amazon1