CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.001 Low
Percentile: 45.5%
libzbar.so is vulnerable to a heap-based buffer overflow. The overflow is in the lookup_sequence function and allows an attacker to create a specially crafted QR code that, when scanned, could lead to information disclosure or arbitrary code execution.
github.com/advisories/GHSA-p3ww-vpp7-fpm5
github.com/mchehab/zbar/blob/0.23.92/zbar/decoder/databar.c#L667
hackmd.io/@cspl/H1PxPAUnn
lists.debian.org/debian-lts-announce/2023/12/msg00001.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665/