Description
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support |
devel | needs-triage | |
esm-apps/bionic | released | 0.10+doc-10.1ubuntu0.1~esm1 |
esm-apps/focal | released | 0.23-1.3ubuntu0.1~esm1 |
esm-apps/jammy | released | 0.23.92-4ubuntu0.1~esm1 |
esm-apps/noble | not-affected | 0.23.92-9 |
esm-apps/xenial | released | 0.10+doc-10ubuntu1+esm1 |
esm-infra-legacy/trusty | needed | |
focal | ignored | end of standard support, was needed |
jammy | needed | |
CVSS3: 9.8 Critical
Related vulnerabilities
A vulnerability in the qr_reader_match_centers() function of the ZBar barcode reading library that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service