CVE-2023-40890

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 29, 2023
Updated: Jan 18, 2024
CWE ID 787

Summary

CVE-2023-40890 is a stack-based buffer overflow vulnerability in the lookup_sequence function of ZBar 0.23.90. A malicious QR code can trigger the overflow, leading to information disclosure or arbitrary code execution. An attacker can manipulate the QR code digitally or prepare it for physical scanning to trigger the vulnerability. This flaw poses a significant risk to organizations and individuals who use ZBar for QR code scanning. Updating to the latest version of ZBar is recommended to mitigate this vulnerability.
