CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.001 Low
Percentile: 45.5%
libzbar.so is vulnerable to a heap-based buffer overflow. The overflow is in the qr_reader_match_centers function and allows an attacker to create a specially crafted QR code that, when scanned, could lead to information disclosure or arbitrary code execution.
github.com/advisories/GHSA-mhp6-jvpx-2p4m
github.com/mchehab/zbar/blob/0.23.92/zbar/qrcode/qrdec.c#L3885
hackmd.io/@cspl/B1ZkFZv23
lists.debian.org/debian-lts-announce/2023/12/msg00001.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665/