PYSEC-2026-576

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/zbar/PYSEC-2026-576.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-576
Aliases
Published
2026-06-29T11:50:44.123752Z
Modified
2026-07-01T20:23:12.100943Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Heap-based buffer overflow in ZBar
Details

A heap-based buffer overflow exists in the qrreadermatch_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

References

Affected packages

PyPI / zbar

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.23.90

Affected versions

0.*
0.10

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/zbar/PYSEC-2026-576.yaml"