UBUNTU-CVE-2023-40890

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2023-40890

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-40890.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-40890

Related

CVE-2023-40890

Published

2023-08-29T17:15:00Z

Modified

2024-10-15T14:11:43Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

References

Affected packages

Ubuntu:Pro:14.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10+doc-9

0.10+doc-9build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10+doc-10build1

0.10+doc-10build2

0.10+doc-10ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10+doc-10.1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23-1.1

0.23-1.2

0.23-1.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23.90-1

0.23.92-4

0.23.92-4build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23.93-4build3

0.23.93-5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / zbar

Package

Name: zbar
Purl: pkg:deb/ubuntu/zbar?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23.92-8

0.23.92-9

0.23.93-1

0.23.93-1build1

0.23.93-4build1

0.23.93-4build2

0.23.93-4build3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}