UBUNTU-CVE-2023-40889

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2023-40889

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-40889.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-40889

Related

CVE-2023-40889

Published

2023-08-29T17:15:00Z

Modified

2024-10-15T14:11:43Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A heap-based buffer overflow exists in the qrreadermatch_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

References

Affected packages

Ubuntu:Pro:14.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10+doc-9

0.10+doc-9build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10+doc-10build1

0.10+doc-10build2

0.10+doc-10ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10+doc-10.1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23-1.1

0.23-1.2

0.23-1.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23.90-1

0.23.92-4

0.23.92-4build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23.93-4build3

0.23.93-5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23.92-8

0.23.92-9

0.23.93-1

0.23.93-1build1

0.23.93-4build1

0.23.93-4build2

0.23.93-4build3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}