CRITICAL 9.8
PYSEC-2026-576
Heap-based buffer overflow in ZBar
상세
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
PyPI / zbar
최초 영향 버전:
0 No fixed version published yet for zbar (pip). Pin to a known-safe version or switch to an alternative.
참고
- https://nvd.nist.gov/vuln/detail/CVE-2023-40889 [ADVISORY]
- https://github.com/mchehab/zbar [PACKAGE]
- https://hackmd.io/@cspl/B1ZkFZv23 [WEB]
- https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665 [WEB]
- https://pypi.org/project/zbar [PACKAGE]
- https://github.com/advisories/GHSA-mhp6-jvpx-2p4m [ADVISORY]