CVE-2023-40889

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 29, 2023
Updated: Jan 18, 2024
CWE ID 787

Summary

CVE-2023-40889 is a newly identified vulnerability affecting ZBar 0.23.90. The issue is a heap-based buffer overflow in the qr_reader_match_centers function. Maliciously crafted QR codes can exploit this flaw, leading to potential information disclosure or arbitrary code execution. An attacker can deliver such a code as digital input or prepare a QR code to be physically scanned by a vulnerable scanner.
