Advisories » MGASA-2024-0374

Updated zbar packages fix security vulnerabilities

Publication date: 27 Nov 2024
Modification date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-40889 , CVE-2023-40890

Description

A heap-based buffer overflow exists in the qr_reader_match_centers
function of ZBar 0.23.90. Specially crafted QR codes may lead to
information disclosure and/or arbitrary code execution. To trigger this
vulnerability, an attacker can digitally input the malicious QR code, or
prepare it to be physically scanned by the vulnerable scanner.
CVE-2023-40889
A stack-based buffer overflow vulnerability exists in the
lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may
lead to information disclosure and/or arbitrary code execution. To
trigger this vulnerability, an attacker can digitally input the
malicious QR code, or prepare it to be physically scanned by the
vulnerable scanner. CVE-2023-40890
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33790
• https://ubuntu.com/security/notices/USN-7118-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40889
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40890

SRPMS

9/core

• zbar-0.23.93-1.mga9